
Security

How to build your own user authentication system in Rails

When building an app, you'll probably need to handle user authentication in one form or another. In Rails applications, several pre-built libraries and gems make it a breeze to build user authentication, including well-known libraries like Devise, Doorkeeper and OmniAuth. These libraries work well out of the box, but there's a caveat: developers must follow certain configuration and design rules for each library.

Generative AI in Insurance: How is Generative AI Helping in Risk Assessment and Claim Processing

Generative artificial intelligence represents a category of AI that utilizes generative models to produce text, images, or other forms of media. These models grasp the intricacies and structure of their input training data, enabling them to generate new data with similar characteristics. In insurance, generative AI plays a pivotal role in expediting digitization processes.

Tightening Bearer Token Authentication with Proof-of-Possession Tokens Using Kong

In token-based architecture, tokens represent the client’s entitlement to access protected resources. Access tokens (or bearer tokens as they're commonly known) are issued by authorization servers after successful user authentication. The tokens are passed as credentials in the request to the target APIs which inform the API that the bearer of the token is authorized to access the API and perform certain actions.

What is Penetration Testing? Definition, Guide, Best Practices

Cyberattacks are terrifying because of their potential to wreak havoc on a massive scale. The interconnectedness that the internet provides can totally be exploited. Quality assurance teams around the world have to be prepared against such disastrous scenarios, so they sometimes launch authorized cyberattacks on their own systems to check for vulnerabilities. This process is known as penetration testing, or pen testing for short.

Your Secrets and Tokens are Secure with Kong Gateway Enterprise 3.5

Kong Gateway Enterprise 3.5 is packed with security features to support the use cases demanded by our enterprise customers through major improvements in Secrets Management integrations and our OpenID Connect (OIDC) plugin. Additionally, we’ve added key security updates for a few of our AWS integrations.

Fortifying Our Defenses: Lessons from the Colonial Pipeline Cyberattack for Critical Infrastructure Security

30% of Critical Infrastructure Organizations Will Experience a Security Breach by 2025 – Gartner. Gartner’s insight underscores the critical need for organizations to reassess their cybersecurity approaches and learn from past disasters, such as the Colonial Pipeline security incident. This highlights the importance of increased vigilance and readiness within the energy industry, spurred by earlier wake-up calls.

Learn encryption and decryption in Typescript

Learning encryption and decryption in TypeScript involves understanding cryptographic concepts and utilizing cryptographic libraries to perform secure encryption and decryption operations. In the digital age, data security has become paramount. Protecting sensitive information from unauthorized access has led to the widespread use of encryption and decryption techniques.

Snowflake Announces Cyber Essentials Plus Certification

Ensuring a seamless data experience that complies with regulatory frameworks, particularly in the public sector, is crucial. Research from the U.K. government found as many as 32% of businesses and 24% of charities suffered online breaches or cyberattacks in the last 12 months. In this increasingly interconnected world, national stability depends on thoughtful data governance and safeguarding.

AS2 vs. SFTP: Key Differences & How to Choose

Businesses of all sizes need secure and scalable methods for sharing information, but it's not always clear what the best protocols and solutions are for each use case. Two of the most commonly used data transfer protocols are Applicability Standard 2 (AS2) and Secure File Transfer Protocol (SFTP). While AS2 is a protocol-based standard that's most often used for data transfers that require proof of receipt, SFTP is a more commonly used protocol for secure, scalable file transfer.

Get started with security: Vite, React, and Ably Token Requests for API access

SaaS APIs typically require some kind of authentication to allow access. While there are many ways that APIs can implement authentication, one popular choice is using secret keys as the scheme. Exposing secret keys directly to a client application, however, can create security risks, so how can client applications based on libraries like React securely access SaaS services? Many APIs, including Ably, offer an additional client-oriented token authentication system.