Buy or Renew
Buy or Renew
Cisco Community present at Cisco Live EMEA 2023. See you in Amsterdam! Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1683
Views
5
Helpful
4
Replies

Incoming WebHooks Security

shockocisco
Beginner
Beginner

‎06-19-2020 02:09 PM

It appears to me that there is no real security in Incoming Webhooks. I'd like to use it to send some alert messages from Azure/OpenShift etc. but it seems like the 'security' it uses is just a long hard to guess URL. There's no authentication per say. Is there any info I could use to get this past me security teams? Any math even on how hard it is to guess that URL path ?! :)

Labels:
0 Helpful
4 Replies 4

omz
Collaborator
Collaborator

‎06-20-2020 10:30 AM

Hi

It depends on the url - with https its as safe as browsing any https site

 

0 Helpful

shockocisco
Beginner
Beginner
In response to omz

‎06-22-2020 02:22 AM

I don't agree with that statement. You are not browsing but enacting some potential action based on posting to that incoming WebHook. I have seen other WebHooks that require something in the payload for auth. Perhaps I should use the API to post messages. 

0 Helpful

dstaudt
Cisco Employee
Cisco Employee
In response to shockocisco

‎06-22-2020 07:17 AM

I think your understanding is pretty accurate.  Certainly using the full REST API is preferable from a security standpoint, where the secret is not present in the URL/params.  Use of incoming webhooks is going to trade some safety for convenience when you just need a quick and dirty chat-ops notification...

shockocisco
Beginner
Beginner
In response to dstaudt

‎06-22-2020 01:54 PM

I guess so. Not sure my sec guys will go for this. I guess it's about showing that worst case is a DDOS or a flood of messages to a space. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents