CrossBrowserTesting API Key
Service Name: CrossBrowserTesting
Service Description: CrossBrowserTesting is a cloud-based testing platform that allows developers and QA teams to test websites and mobile applications across multiple browsers, operating systems, and devices.
Service Address: https://crossbrowsertesting.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through the CrossBrowserTesting dashboard.
Secret Access Scope: Grants programmatic access to CrossBrowserTesting's API, allowing users to run automated tests, access screenshots, and manage test configurations.
Secret Revokement URL: https://app.crossbrowsertesting.com/account/apikey
Secret Example: u123456789abcdef123456789abcdef1
Suspicious Activity Investigation Instructions:
- Review the CrossBrowserTesting dashboard for unusual test runs or activities.
- Check API usage logs for unauthorized access or unusual patterns.
- Monitor for tests being run from unexpected locations or at unusual times.
- Review any automated test scripts that might be using the compromised API key.
- Check for unexpected billing charges that might indicate unauthorized usage.
Mitigation Instructions:
- Log in to your CrossBrowserTesting account.
-
Navigate to Account > API Access.
-
Click on "Reset API Key" to invalidate the current key and generate a new one.
- Update all legitimate applications and scripts with the new API key.
- Review and update any IP restrictions for your account if available.
-
Consider implementing additional security measures such as regular key rotation.
-
Review access logs to determine the extent of any potential breach.