An Introduction to Auth0 for Ruby on Rails

From custom-made to plug-and-play forms of authentication, Ruby developers have plenty to choose from these days. Yet, as you may know, building your own solution can be costly and dangerous. If Devise is the de facto standard for most teams, an alternative might simplify the lives of most. This article will cover the setup and use of Auth0 in a Ruby on Rails application, including everything you need to get going properly, from handling roles to relying on multiple providers to authenticate users.

Introduction to WSO2 Identity Server 7.0 | an Overview

Welcome to the Introduction to WSO2 Identity Server 7! In this video, we'll guide you through the essential features and functionalities of WSO2 Identity Server, an open-source identity and access management (IAM) solution designed to help enterprises manage their digital identities securely and efficiently. Join us as we explore application integration, authentication options, user management, API authorization, and the powerful B2B capabilities offered by Identity Server 7.

Demonstrating Proof-of-Possession (DPoP): Preventing Illegal Access of APIs

In a previous blog post, we discussed the prevalence of bearer tokens (or access tokens) to restrict access to protected resources, the challenges the sheer nature of bearer tokens presents, and available mitigations. To recap, presenting a bearer token is proof enough of an authorization grant to avail the service and access resources protected by the token. This poses many security risks, such as the use of stolen or leaked tokens to gain unauthorized access.

Why Penetration Testing is Non-Negotiable in Today's Cybersecurity Landscape

Securing your software is essential in this day and age when cyber dangers may be found anywhere on the internet. Take a look at these concerning numbers: These numbers demonstrate the need for proactive security testing services like penetration testing, a.k.a. pen testing. Pen testing imitates real attacks on your applications to identify weaknesses before nefarious actors use them.

Creating a Secure SIMATIC PLC REST API Using DreamFactory

Organizations deploying Siemens SIMATIC PLCs (Programmable Logic Controllers) will logically want to track and manage PLC metrics. Exactly how these metrics are managed will depend upon the specific needs of the organization. For instance, organizations that would like to send PLC data directly to a Microsoft SQL Server database can use the TDS (Tabular Data Stream) protocol. But what if you wanted to subsequently access this data via a REST API?

Top 10 Mobile App Security Threats

With mobile apps expected to reach more than 183.7 billion installations globally, there has also been an increase in mobile app security threats. Today’s cyberattacks are highly sophisticated, requiring constant vigilance due to many unknown or emerging threats. These threats require a proactive approach to mobile application security. End users can take steps to protect sensitive data on their devices, such as avoiding unprotected public Wi-Fi and setting up multi-factor authentication.

Improve Customer Experience and API Security with WSO2 Identity Server 7.0

In today’s digital world, APIs have become key to connecting apps and services, both internally and externally. However, when integrating with external entities like partners and service providers, API security is a major concern for businesses. And from a user’s perspective, traditional authentication approaches in mobile apps or digital channels often deliver a less-than-ideal digital experience.

Providing a Secure In-App Login Experience with Authentication API

Application developers want to provide the most secure and seamless login experience for their users, but even when following OAuth and OpenID Connect (OIDC) best practices, user experience issues can still be a problem. In this article, we will walk through how developers can provide a secure and seamless login experience to users by providing the login functionality natively within the app itself.

SSL Problem "Unable to Get Local Issuer Certificate"

In the modern era, where privacy is one of the biggest concerns, SSL/TLS certificates play a vital role in secure communication over the internet. They encrypt data, ensuring it is transmitted securely between servers and clients. However, while working with SSL/TLS, you may encounter the "Unable to Get Local Issuer Certificate" error. So let’s try to understand why this error occurs and what SSL/TLS is.

Mastering Access Control Allow Origin: Your Guide to Secure Cross-Domain Requests

Understanding and configuring the Access-Control-Allow-Origin header is critical for developers managing cross-domain requests. In this blog, we will look at setting the right headers to enforce security while allowing data exchange between different domains, including handling cross-domain requests as specified by the CORS specification. Prepare to equip yourself with the tools to implement cross-origin resource sharing effectively.