Secure By Design Newsletter - Vol. I Issue I
Pangea joins GitHub Copilot Extensions Partner Program
We are thrilled to join the GitHub Copilot Partner Program and launch the Pangea extension for Github Copilot , which Microsoft CEO Satya Nadella announced at the #MicrosoftBuild 2024 Keynote.
Millions of developers use GitHub Copilot to build applications and now they can easily add pre-built, composable security features like auth, secure audit logging, and threat intel directly to their apps via the Pangea extension.
It’s exciting for us to support developers who need to build apps quickly and securely via the combined power of #AI assistance integrated with our #composablesecurity platform!
Learn more in our press release:
🆕 Product Updates
We’re excited to announce that the Pangea AuthZ service is now generally available. With #AuthZ, you can centralize your authorization policy and reuse it across all of your apps, users, and services through our API. Evolve your policy from role-based to relationship-based seamlessly without rebuilding your app.
We launched our AuthZ service on Product Hunt today! Click this link for a special offer 📣
With our new Postman Collections, you can get set up with and explore our APIs in minutes. These are generated directly from our OpenAPI definitions to ensure they are always complete and accurate. Let us know what you think!
Multi-factor #authentication is a key security feature but temporarily allowing a user to bypass it can make a better experience. With Remember My Device, you can skip a secondary factor after successfully authenticating previously.
The multiple configuration feature in Secure Audit Log allows users to create and manage multiple configurations within a single project, offering enhanced customization and control over logging and auditing settings. We just added Config Cloning to make it easy to create a new configuration that has a lot in common with one you already have.
We’ve added a new export API that allows you to request a bulk export of the Secure Audit Log records for a given period of time. The call is asynchronous and can take hours to complete depending on the number of records requested. When the request is complete, the download_results API is used to download the exported logs.
The pangea-cli command line utility has been getting some love from the engineering team. The latest release improves messages, fixes some minor bugs, and sets the stage for some exciting upcoming features. Install and use it today, and stay tuned for more to come.
To keep up with all of the changes and updates on the platform, visit our change log.
👇 Pango's Picks
We're proud to be among the 68 vendors that signed Cybersecurity and Infrastructure Security Agency 's Secure by Design pledge at #RSAC. Cheers towards building a more secure future together!
In this tutorial, we show you how to leverage Pangea AuthN’s hosted pages to be able to quickly configure #passkeys without building all the cryptographic mayhem from scratch. Just start with a fresh new NextJs app and implement passkeys in a few steps.
In this tutorial, we show you how to leverage Pangea AuthN’s hosted pages to be able to quickly configure #passkeys without building all the cryptographic mayhem from scratch. Just start with a fresh new #Django app and implement passkeys in a few steps.
Recommended by LinkedIn
Managing traditional security tokens like RSA Tokens and Yubikeys has been cumbersome and prone to loss, complicating deployment for administrators and usage for users. Scaling up with hard tokens becomes impractical, while alternatives like security questions pose weaker defenses. #Passkeys offer a promising solution, balancing usability and security effectively.
In Ambassador ’s latest podcast, our PM, Keith Casey™️ , speaks about #authentication and #authorization as crucial aspects of building secure and reliable distributed systems. Listen in to figure out how to give your devs the effortless auth they're seeking. 🎧
Our hackathon competition wrapped up in early May and we announced the winners! If you’re interested in seeing examples of Pangea services being used in applications, check out this blog that includes demos for prize-winning projects.
📚 Secure by Design Education Hub
Developers of all levels can grow their security knowledge and keep up with all the latest in #cybersecurity.
Comprehensive secrets management solutions are integral to reducing associated risks and should be considered a cornerstone of core infrastructure. In this article, we delve into various secret storage and management options, discuss strategies for selecting and implementing these solutions, and explore approaches for integrating secrets into software.
Embracing the #SecurebyDesign approach establishes a foundation that yields various benefits for developers, organizations, and customers/end-users alike. This article highlights some key benefits to app creators and their organizations. Together, these suggest that it is worth any needed initial investment.
📅 Upcoming Events
Developer advocate, Vanessa Villa , will be presenting “Software Development, Security, and Compliance” on Thursday 2:30-3:30pm
Dev Advocate, Pranav Shikarpur , and PM, Keith Casey™️ , will be presenting throughout the conference and giving custom demos at our booth. Don’t miss the fun!
📅 Events we attended in April
BSidesSF
RSA
Gartner Application Innovation & Business Solutions Summit
SW2Con
Until next time,
The Pangea Team
Technical writer 📝 | Cyber security Advocate 🛡 | Future Cisco press writer 📝
5moMuch needed!