webhook-sentry
awesome-webhooks
| webhook-sentry | awesome-webhooks |
|---|---|
| 1 | 2 |
| 51 | 166 |
| - | - |
| 3.1 | 5.0 |
| about 1 year ago | 5 months ago |
| Go | |
| Apache License 2.0 | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
webhook-sentry
Webhooks.fyi
> Domains that resolve to private IPs: attacker could set up foo.com which resolves to a private IP

There's a clever extension to this attack; a naive way to mitigate it is to do a DNS resolution first to verify it's not a private IP and then do the actual request. An attacker can simply return a public IP on the first DNS resolution (with a 0 TTL) and then return a private IP on the second. This is called a "TOCTOU" (time-of-check time-of-use) vulnerability. I've written about this and other security best practices on my blog here - https://www.ameyalokare.com/technology/webhooks/2021/05/03/s...
I've also built an egress proxy that prevents such attacks here - https://github.com/juggernaut/webhook-sentry
Same caveat applies, use at your own risk :-)
awesome-webhooks
📚 Webhook resources (Updated Aug 19 2022)
Awesome Webhooks
Webhooks.fyi
This is a fantastic resource! Thank you to the folks at ngrok for putting this together! As this site makes clear: webhooks are harder than they appear. Even just consuming webhooks, it's easy to get bogged down dealing with issues around rate limits or recovering from bugs that cause missed events! Missed events being particularly painful with platforms that don't offer replay / retry.
Disclaimer: I work at https://hookdeck.com/ & I shamelessly plug our tool for giving you an awesome developer experience working with webhooks and helping deal with some of the concerns brought up on webhooks.fyi.
And if you are interested in webhooks at large, a couple more resources worth checking out are the awesome-webhooks[1] list and the r/webhooks[2] subreddit (I just got ownership of the sub and started dusting it off this week after being neglected for the past few years! Please, come join!)
[1] https://github.com/realadeel/awesome-webhooks
[2] https://www.reddit.com/r/webhooks/
What are some alternatives?
webhooks.fyi - webhooks.fyi site
svix-webhooks - The enterprise-ready webhooks service 🦀
hookdeck-cli - Receive events (e.g. webhooks) in your development environment