Qase API Token
Service Name: Qase
Service Description: Qase is a test management platform that helps teams manage test cases, test runs, and defects. It provides tools for organizing testing processes, tracking results, and generating reports.
Service Address: https://qase.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level in the security settings.
Secret Access Scope: Grants programmatic access to Qase API, allowing management of test cases, test runs, defects, and other testing resources.
Secret Revokement URL: https://app.qase.io/user/api/token
Secret Example: f4c9bd0e2b4d5a6c7d8e9f0a1b2c3d4e
Suspicious Activity Investigation Instructions:
- Review API access logs in your Qase account for unusual activity.
- Check for unauthorized test case creation, modification, or deletion.
- Monitor for unexpected test run executions or result modifications.
- Verify if there are any unauthorized project access attempts.
- Look for unusual API calls or access patterns from unfamiliar IP addresses.
Mitigation Instructions:
- Log in to your Qase account and navigate to User Profile > API tokens.
- Identify the compromised token and click the Delete button next to it.
- Generate a new API token if needed.
- Review and update your token permissions to follow the Principle of Least Privilege.
- Consider implementing IP restrictions for API access in organization security settings.
- Update any applications or integrations to use the new token.
- Review your security practices for storing and handling API tokens.