Pangea

Most developers know that writing authorization code is painfully hard. For starters, most existing #AuthZ tools require commitment to either RBAC or ReBAC. That eventually becomes a problem when applications mature and grow in use cases. The code explodes in complexity since developers have to reverse engineer the boundaries of their entire application and then design how, when, and where to enforce them. Pangea is here to solve that problem. Today, we just launched our new AuthZ service on Product Hunt, where developers can add fine-grained relationships and policies in minutes that scale with #compliance needs. Our goal is to help developers ensure that the right users have the right access to the right parts of their app at the right time. To summarize, here is what makes Pangea AuthZ special: → Meet your current needs without blocking you from meeting later needs with a simple path from #RBAC to #ReBAC → Add ABAC policies that record the context of the user, their request, or even the resource they are interacting with (leveraging other Pangea services) → Leverage Pangea’s #AuthN service to provide a high assurance level around the user and their identity → Centrally create, maintain, reuse, and audit your access policies across every app without policy sprawl and drift. Check out the link in the comments for a special offer on Pangea AuthZ. #SecureByDesign #SecDevOps #CyberSecurity

If you have a #Kubernetes cluster (or two or two dozen) you may be surprised by the risks of handling secrets in your workloads. We published a handy article that overviews k8s secrets, the challenges of managing them, and various risks if such secrets were to become unintentionally disclosed. Even further, we dive into the how-to's for mitigating these risks and the different facilities for #k8s. Don't avoid securing your app before it's too late. Learn skills through Pangea’s Education Hub today. Link to article in comments 👇 #CyberSecurity #KubernetesSecrets #SecureByDesign

What a night! A large thank you to Semgrep, Leif Dreizler and all those who attended last night's event at Fools Gold #NYC to discuss and learn about all things Secure By Design. If you missed out and want to grow your #CyberSecurity knowledge and learn how to build secure apps, check out our #SecurebyDesign Education Hub: https://lnkd.in/d7DwfAGw Pangea #DevOps #AppSec #InfoSec

Auth0 by Okta has over 4,000 customers in the US... and all of them are logging user login activity. 👤 If that includes you, there are a couple of reasons why your logs may require some improvement. 👇 For starters, Auth0 log retention is 30 days MAX (with their enterprise plan $$). From our perspective, that is not long enough to meet the compliance requirements most of us are facing (#SOC2, #HIPAA, etc.) Point no.2, nobody wants their logs to be messed with. That's why they need to be tamper-proof and verifiable (aka super secure). If you're still reading, you clearly want a more secure audit logging solution (yay!) Luckily, if you use Auth0 you can also use Pangea Log Streaming via the Auth0 Marketplace. Here's why Pangea audit logging is awesome: 1. Up to 10 years of log retention! (120x what you probably have rn) 2. Keep your Auth0 authentication setup the same because it's that easy to integrate 3. Logs can never be changed or destroyed thx to cryptographic verification & Merkle Trees If this sounds like something you need, check the link in our comments to learn how to set it up in < 5 min (literally) #CyberSecurity #Auth0 #LogStreaming #SecureByDesign

Join us in NYC TOMORROW with engineering-minded security professionals for drinks and appetizers. 🍻 Please fill out this form to request admittance. Feel free to invite colleagues, just have them register in advance :) We are looking forward to seeing you there! Hosted by Pangea & Semgrep #SecurityMeetup #SecurebyDesign #SecurityEngineer #SecurityEvent

Just published - our brand new 2024 Hype Cycle for APIs! - AI, of course, is a big factor this year. AI Gateways are new on the Hype Cycle, both from specialists like Aguru and Portkey, and from established API Gateway vendors like Kong Inc. and IBM. It will be very interesting to see how this particular market plays out. We also include AI used to create APIs, and AI used to consume APIs, on this year's Hype Cycle. - API security is well represented on the Hype Cycle. This year that includes Composable security APIs, including vendors like Pangea and Skyflow, which is climbing up the Hype Cycle - API aggregators, such as Knit and Merge, continue to gain momentum - GraphQL APIs are headed towards the Trough of Disillusionment, where Service Mesh still sits. - Many industry API initiatives now feature on the Hype Cycle, with finance furthest along, then industries like insurance and healthcare, and finally supply chain APIs which are most nascent. Check out the Hype Cycle for APIs here: https://lnkd.in/ejQNTQ3h . And a big thanks to my co-author John Santoro!

Most developers didn't get into software development to code audit logging features or authorization schemas, right? Which is why it's great to see composable security on the Gartner Hype Cycle map. Developers already leverage composability across feature domains like communication (e.g. Twilio) and payments (e.g. Stripe)....now it's time to transform the industry approach to security features (e.g. AuthN, AuthZ, secure file sharing, and audit logging, just to name a few). Composable security can accelerate development velocity, reduce tech debt, and give security and GRC teams visibility and configuration ability around an app's core security functionality for risk reduction and compliance.

When was the last time you checked your API keys and DB passwords? 🤔 If you can't remember, it is probably time to change your storage habits. Nobody wants a data breach.... and tokens/credentials/keys are the main source for unauthorized access, manipulation, and API misuse. Luckily, fixing this mess does not have to be painful. Creating a well-defined strategy for storing and managing these items is as easy as 1, 2, 3. We developed a thorough guide to tell you exactly what steps you can take TODAY to make your app more secure TOMORROW (link in the comments. check it out!) #CyberSecurity #SecureByDesign #KeyManagement Pangea

Unlock the potential of secure healthcare application development with our cutting-edge solutions that ensure privacy, security, and compliance 🔒 Step into the future of healthcare with us. Click to learn more! 👉 https://hubs.la/Q02sZ6R00 #healthcaresecurity #cybersecurity #healthtech

Catch us at #kcdc2024 today and tomorrow! 🕺 Meet us at our booth to win a free pangolin stuffy and chat about securing your application in under 5 minutes. Our team members on the ground: Vanessa Villa, Michael Weinberger, John Addison Gamble 👯 #CyberSecurity #DeveloperConference #SecurebyDesign