Webhook-sentry Alternatives
Similar projects and alternatives to webhook-sentry
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
webhook-sentry reviews and mentions
-
Webhooks.fyi
>Domains that resolve to private IPs: attacker could set up foo.com which resolves to a private IP
There's a clever extension to this attack; a naive way to mitigate it is to do a DNS resolution first to verify it's not a private IP and then do the actual request. An attacker can simply return a public IP on the first DNS resolution (with a 0 TTY) and then return a private IP on the second. This is called a "TOCTOU" (time-of-check time-of-use) vulnerability. I've written about this and other security best practices on my blog here - https://www.ameyalokare.com/technology/webhooks/2021/05/03/s...
I've also built an egress proxy that prevents such attacks here - https://github.com/juggernaut/webhook-sentry
Same caveat applies, use at your own risk :-)
Stats
juggernaut/webhook-sentry is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of webhook-sentry is Go.
Popular Comparisons
Sponsored