Finally, a win-win-win for development, QA, and security! If your development team is looking for easier ways to incorporate security earlier, in a way that's simple, easy, and that your team can understand, we may have a solution for you. Security defects are like any other defect. Finding them early saves money and time. There are tools that execute security tests for security professionals – like Rapid7's (formerly NT OBJECTives) AppSpider. AppSpider can use the application knowledge defined in Selenium scripts to execute a better, more comprehensive security test on an application.
Posts Tagged ‘Security’
At Sauce Labs, we are hard at work identifying new ways to make adoption and usage of our products as simple and frictionless as possible. For larger organizations onboarding hundreds of users, managing access and security can quickly become challenging. To simplify the onboarding process and provide greater account security, we have rolled out integrations for four popular Single Sign-On (SSO) providers, including Ping Identity, OneLogin, Okta, and Microsoft Active Directory Federation Service (ADFS). At a high level, an SSO Identity Provider (IdP) provides a single gateway through which users can access an array of applications without logging into each application separately. A user logs into the IdP with one set of credentials and gains access to all connected applications through that same login.
At Sauce Labs, we take security seriously. We recognize we have a responsibility to protect customer data, and we’ve designed our systems with that responsibility in mind. In this post, we’d like to take the time to explain some of our practices.
While we have not found any signs that Sauce Labs or its users were negatively impacted by the Heartbleed vulnerability, we take security very seriously and are taking steps to remediate any exposures relating to it. This blog post is part of that effort.
We have determined that the Heartbleed vulnerability has no impact on the Sauce Labs web interface or REST API. However, Sauce Connect is affected by the vulnerability. Users of Sauce Connect should read more below.
Again, if you are not using Sauce Connect, this vulnerability had no impact on your Sauce Labs tests. For the Sauce Labs web interface and REST API we use an unaffected version of OpenSSL. This can be validated here:
IMPORTANT: For Customers Using Sauce Connect
For our customers who use Sauce Connect to test their applications behind their firewall, we have no specific evidence that data has been compromised. We have now updated our Sauce Connect servers so they are no longer vulnerable to new attacks enabled by the Heartbleed bug.
During the period of time when the Sauce Connect servers were vulnerable, attackers may have gained access to customer test data (traversing the Sauce Connect tunnel). If that has occurred, attackers may have the ability to similarly compromise future Sauce Connect 4.0 and 3.0 sessions. Again, we have no specific evidence that this has actually occurred.
As part of closing this potential vulnerability we have updated our certificates for Sauce Connect in version 4.1, and released a version 3.1 with updated certificates for those customers who prefer to stay with the 3.x line for now.
Customers will need to:
- Upgrade to Sauce Connect 4.1 or 3.1 as soon as possible:
  - Sauce Connect 4.1, OS X: https://saucelabs.com/downloads/sc-4.1-osx.zip
  - Sauce Connect 3.1 (cross-platform):
- Change all passwords that could potentially have been affected if an attacker did have access to test sites and commands.
We hope this email answers your questions about the impact of CVE-2014-0160 on your Sauce Labs applications. Feel free to reply to this email to reach our Customer Support team with follow-up questions.
The Sauce Labs Team
Learn all about best practices and strategies for testing apps behind a firewall and how to use Sauce Connect during our next online workshop! Join speaker Mike Redman, Director of Sales Engineering at Sauce, on Tuesday, March 11, 2014, at 11:00 AM Pacific Time for the latest.
Whether you’re at the enterprise or startup level, security is a hot topic. That’s why we created Sauce Connect. Sauce Connect creates a secure tunnel between your firewalled app and the Sauce cloud so you can run your tests knowing that your data is encrypted through industry-standard TLS.
Keeping our security standards in mind, we completely rewrote the app. With the launch of our latest version, Sauce Connect 4, your tests will now run faster than ever, even with heavy loads. It performs better, is more reliable, and gives broader support for a wider range of web standards, including WebSockets.
Mike will walk you through testing behind a firewall and how to use Sauce Connect 4. A live Q&A session will follow. Register today!