Developer Newsletter - February 2024
Romana Vasyleha
👥 Join our community in our new home!!
👉 https://community.pangea.cloud/
We’ve created a new place for all of you to ask questions, submit feature requests, showcase projects, and help each other out! Slack has been great for our early community activity but we’re moving over to a proper forum to scale up what we do in our community. In our new channel, you’ll be able to:
easily search for answers to commonly asked questions
check out how others have been applying Pangea in their projects and applications
find inspiration in how others are applying Pangea services in new and interesting ways.
When you join the community, please introduce yourself in the “Introduction” category so that we can all learn more about each other!
🆕 Product Updates
🔗 SAML Authentication for Single Sign-On (SSO)
With this AuthN update, we’ve added SAML as an authentication option for seamless Single Sign-On with any enterprise Identity Provider (IDP). Using SAML creates a strong connection between your existing security configuration and downstream applications, creating benefits like enhanced security and compliance, efficient user management, and a streamlined user experience.
A key part of moving to an Identity Provider is painlessly migrating users without sending mass password reset emails annoying users. With our new User Import capabilities, you can export from your own user store and import directly to Pangea allowing your users to complete onboarding at their pace at their next login.
Pangea services are now generally available (GA) on GCP. When you’re creating an organization, you can select the cloud provider you wish to operate on. This is helpful in co-locating Pangea services with where your application is hosted. The APIs are the same across both GCP and AWS platforms - the only difference is the domain you use to access the API.
With this release, we’re excited to announce General Availability of Passkeys for all accounts. Passkeys are a replacement for passwords and are a standard-based technology protected by the biometrics or PIN of your device. Unlike passwords, they are resistant to phishing, are always strong, and are designed so that there are no shared secrets. They simplify account registration for apps and websites. They are faster to sign in with, easier to use, and much more secure.
Onboarding your users is the hardest part of changing Identity Providers. With Pangea’s new Hashed Password Import capability, you can import your users with their existing passwords seamlessly. At their next authentication, they’ll be prompted for a new password and their account will be activated in seconds.
With Integrated Service Auditing, we have extended our AuthN service to leverage our Secure Audit Service to capture every significant event within AuthN. Now you can determine who attempted to log in when, what MFA options they used, and the result of the attempt. This is a key capability for AuthN to improve debugging, compliance, and overall auditing of the system as a whole.
To keep up with all of the changes and updates on the platform, visit our change log.
👇 Pango’s Picks
A Guide to Choosing a Secure Vault for Your Application Secrets and Keys
So you’ve decided to throw away those .env files with all your app secrets and move to a more secure option. Well first off, congratulations 🎉, you’re on your way to evading cyber attacks involving exposed secrets! Read on to learn more…
Integrate an Audit Trail for NextAuth.js in a few lines of code
In a world where hackers are trying to brute force user accounts (23andMe breach 2023) and session tokens are being stolen (OKTA breach 2023) to impersonate authenticated users and run critical user actions, it is highly important for developers to maintain a tamper-proof audit log of all authentication events to keep their apps secure.
Where is the incentive for devs to add security?
Check out this short reel covering a discussion between our dev advocates.
💻 New on our site!
Have you checked out our home page’s refreshed design? ✨ Let us know what you think about the update!
If you’re building a fintech or financial services app, you're in luck! 🌟🏦📱 We developed a comprehensive guide explaining how you can accelerate security, compliance, and growth with our essential security building blocks. Check it out!
We're thrilled to share our new case study, highlighting SiteMana's integration of Pangea's IP Intel and Domain Intel security services into its AI-powered email marketing platform. This partnership exemplifies our efforts in providing clean and safe data to your customers.
Did you know there is research behind why building Secure by Design applications is important? Read this report developed by the Enterprise Strategy Group that dives into the stats behind the application security industry.
We made it easier for you to see how our payment system works. Choose how much you are using each service and we’ll tell you how much it costs (the beauty of pay-as-you-go).
📚 Secure by Design Education Hub
A Taxonomy of Practices for Secure by Design Apps
There are many practices involved in fully embracing Secure by Design, but there has been little in the way of an actionable list of what app developers and their organizations should do to achieve it. Thus we set out to resolve that through this taxonomy and the various articles on the Secure by Design Education Hub.
Secure by Design Organization Considerations
Embracing Secure by Design is not just about building more secure apps, it is about building trust. As you implement it, there are real benefits for both your organization and your customers. This requires certain cultural elements. The benefits, including reduced security risks, increased customer trust and brand reputation, and increased opportunities, should outweigh any needed initial investment.
📅 Upcoming Events
In March we will be announcing our next exciting hackathon with Devpost! We can’t tell you all the details yet but you will love the new story format and will have 30 days to get your submissions in. Make sure you follow us on social and our new forum to get the details first!
📅 Past Events
THAT Conference - Pangea at THAT: Texas Edition
At the end of January, Pangea was at THAT Conference Texas edition. Keith Casey and Vanessa Villa presented on “Cloud Design Patterns” and “Secure by Design and what that means in practice”. Read the recap with their thoughts on our blog!
Last week, Dev Advocate Vanessa Villa was at #DevWeek2024 to present “The New Developer Dance". Her presentation focused on why "Shift Left of Left" Security is key in software dev.
🧑💻We’re hiring!
We’re growing. Here are some roles we are hiring for!
For more openings, view our careers page!
Thats it for this month. Thanks for tuning in!
The Pangea Team
More Articles
Services
Case Studies
Use Cases
