Developer Newsletter - January 2024

Romana Vasyleha

🏛️ Pangea on Capitol Hill

“This was a visit where we had the opportunity to interact with law and policy makers, and their staffers, on the topics that keep all of us in software and security up at night…The standard behavior in software development is to ship features fast, and secure them later. This is something we collectively need to change.”

Pangea CPO Robert Truesdell's recent visit to Capitol Hill with Okta was more than just a meeting; it was a chance to directly influence the policies that govern our digital world. In his latest blog post, he shares his experiences and insights from this memorable event, highlighting the importance of bridging the gap between technology leaders and policymakers.

We encourage you to read the recap and join us in this ongoing conversation about the future of cybersecurity. Your thoughts and feedback are invaluable as we continue to advocate for robust, secure, and innovative security solutions.

Read the full story here 👉 https://l.pangea.cloud/9zCBByE


🆕 Product Updates

☁️Now available on GCP

We’re excited to announce that we’ve just launched Pangea's Security Platform as a Service (SPaaS) to the Google Cloud Platform! This makes it even easier for you to add our API-based security services to any app and create a more secure, compliant application experience, accelerating your time-to-market and ability to scale.

🔀AuthN integration with Intel

The latest AuthN update integrates threat intelligence services for enhanced application and user security. It includes Embargo, IP Intel, and Domain Intel for real-time user screening during registration or authentication. Fully configurable via the Pangea User Console, it boosts security without code changes, providing detailed connection and user context for improved logging, customization, and policy enforcement.

🔐Vault Quantum-safe Cryptographic algorithms

Secure your app’s data against quantum computer attacks by using our new Post-Quantum Cryptography Algorithms. Dilithium and SPHINCS algorithms have been implemented in Vault for signing purposes. You will now be able to see them available in the console and docs.

🔒Vault New Bulk Encryption API

There is a new Encrypt-Structured Vault API that can take bulk data in JSON format along with a JSONPath spec that defines the specific fields in the bulk data to be encrypted. The functionality is similar to our Redact-Structured API. There is also a corresponding Decrypt-Structured Vault API to perform decryption.

📄Bulk queries for Intel

The File, IP, URL, Domain, and User Intel APIs now support bulk queries. There are new /v2 versions of these APIs that take an array of 1 to 100 items for queries instead of just a single item. When querying for a single item, the response is synchronous; queries for 2 or more items give a 202 response along with a request_id that can be used to poll for completion and the final result. See the Asynchronous API Responses documentation for more information on processing asynchronous requests.
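The synchronous/asynchronous split described above, sketched as an added client-side example (not Pangea's SDK or its documented request format). `submit` and `poll` are hypothetical transport callables, `FakeIntel` is a constructed in-memory stand-in for the service, and the behavior that a poll keeps returning 202 until the result is ready is an assumption not stated on this page.

```python
import time

MAX_ITEMS = 100  # the /v2 Intel APIs take an array of 1 to 100 items

def chunk(items, size=MAX_ITEMS):
    """Split a list of indicators into batches the bulk API will accept."""
    if not items:
        raise ValueError("at least one item is required")
    return [items[i:i + size] for i in range(0, len(items), size)]

def bulk_lookup(items, submit, poll, max_polls=5, delay=0.0):
    """Run one bulk query; submit(items) and poll(request_id) are hypothetical
    transport callables returning (http_status, body_dict)."""
    if not 1 <= len(items) <= MAX_ITEMS:
        raise ValueError("batch must contain 1 to 100 items")
    status, body = submit(items)
    if status == 200:                 # single item: synchronous result
        return body
    if status != 202:                 # anything else is an error, not "pending"
        raise RuntimeError(f"unexpected status {status}")
    request_id = body["request_id"]   # 2+ items: accepted, result pending
    for attempt in range(max_polls):
        time.sleep(delay * (2 ** attempt))   # exponential backoff between polls
        status, body = poll(request_id)
        if status == 200:
            return body
        if status != 202:
            raise RuntimeError(f"poll failed with status {status}")
    raise TimeoutError(f"request {request_id} still pending")

class FakeIntel:
    """Constructed in-memory stand-in for the service, so this runs offline."""
    def __init__(self, polls_until_ready=2):
        self.pending, self.polls_until_ready = {}, polls_until_ready

    def submit(self, items):
        result = {"result": {i: "unknown" for i in items}}
        if len(items) == 1:
            return 200, result
        rid = f"req-{len(self.pending) + 1}"
        self.pending[rid] = [self.polls_until_ready, result]
        return 202, {"request_id": rid}

    def poll(self, rid):
        entry = self.pending[rid]
        entry[0] -= 1
        return (200, entry[1]) if entry[0] <= 0 else (202, {"request_id": rid})
```

Bounding the number of polls and treating any status other than 200 or 202 as a failure keeps a screening check from hanging or silently passing when the result never arrives.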

✍️File Scan Presigned URLs

The File Scan endpoint now supports the use of a presigned URL to specify a file to be scanned. The use of presigned URLs allows you to skip the upload step and point the File Scan API to a cloud location where you already have a file.

🌐Redact Edge & multi-config support

The Redact data plane object can now be self-hosted by users through Pangea Edge. Pangea Edge uses a Helm chart to deploy a Pangea Edge service (such as Redact) to a Kubernetes cluster, allowing customers to host Redact in their own infrastructure. When the Redact service is used with Pangea Edge, the data plane object must have connectivity to the Pangea cloud service for control plane synchronization.

The Redact service now has the option of creating additional rulesets. A ruleset can be the default ruleset as part of a configuration, or a ruleset can be invoked directly via an input parameter to the API.


👇 Pango’s Picks

THAT Conference Interviews

Explore insightful discussions with industry leaders in our latest YouTube playlist, 'THAT Conference Interviews'. This collection features engaging interviews with experts and thought leaders, offering unique perspectives on a variety of tech-related topics, recorded at THAT Conference. Tune in to gain valuable insights and stay ahead in the world of technology!

Pranav on The State of #DeveloperEducation Podcast

In this podcast episode, Pangea Developer Advocate Pranav Shikarpur talks about how to simplify security for developers, unpacks his passion for civic problem solving, and explores the business benefits of adopting a hacker mentality as a developer advocate. Go listen!

How ChatGPT Will Solve All API Problems... Except Yours

Ever wondered if #AI can streamline your #API issues? 🔀 Find out in Keith Casey™️'s latest blog 'How ChatGPT Will Solve All API Problems... Except Yours'


📚 Secure by Design Education Hub

Passwordless Authentication Using WebAuthn

WebAuthn is an open standard developed by the World Wide Web Consortium (W3C) and the FIDO Alliance. The protocol aims to replace traditional password-based authentication with a more secure and user-friendly approach. Read this article to learn more.

Passwordless Authentication Using FIDO Passkeys

Secure applications depend on user authentication. Passwords are the prevalent approach now but are a source of security concerns and are inconvenient for users. FIDO2 multidevice credentials, often called “passkeys”, are a new, modern, powerful, and increasingly popular authentication standard introduced by the FIDO (Fast Identity Online) Alliance. They are supported by popular websites and products from Google, Apple, Microsoft, and more. Discover how they work in this article.


📅 Upcoming Events

Secure by Design Executive Dinner

Are you a CSO or CTO in the San Francisco Bay Area? Come and join us on February 29th for an educational dinner experience at a top restaurant in San Francisco where we will be discussing the importance of Secure by Design with an expert panel. Apply here for this exclusive, invite-only event.

Pangea session at DeveloperWeek

We live in a world of increasingly methodical and organized cybersecurity threats that have put our national infrastructure at risk and the lives of millions potentially on the line. The Cybersecurity and Infrastructure Security Agency (CISA) along with the FBI, NSA, and five other countries' cybersecurity organizations recently released strong guidance aimed at software vendors around Secure by Design and Secure by Default. As a technology community, however, we can no longer wait for government agencies to step in to enforce this - our national security and livelihoods are at daily risk in the way we currently release software. Join this talk to understand what "Shift Left of Left" Security is all about and why you should prioritize it in your software practices.


🧑‍💻 We’re hiring!

We’re growing. Here are some roles we are hiring for!

Enterprise AE | East Coast

Lead Documentation Engineer

Product Marketing

For more openings, view our careers page!


That's it for this month! Tune in again in February.

The Pangea Team
