Secure By Design Newsletter

Romana Vasyleha

Pangea joins GitHub Copilot Extensions Partner Program

We are thrilled to join the GitHub Copilot Partner Program and launch the Pangea extension for Github Copilot, which Microsoft CEO Satya Nadella announced at the Microsoft Build 2024 Keynote.

Millions of developers use GitHub Copilot to build applications and now they can easily add pre-built, composable security features like auth, secure audit logging, and threat intel directly to their apps via the Pangea extension.

It’s exciting for us to support developers who need to build apps quickly and securely via the combined power of AI assistance integrated with our composable security platform!

Learn more in our press release:

https://l.pangea.cloud/Y6XoSat

🆕 Product Updates

AuthZ GA 🎉

We’re excited to announce that the Pangea AuthZ service is now generally available. With AuthZ, you can centralize your authorization policy and reuse it across all of your apps, users, and services through our API. Evolve your policy from role-based to relationship-based seamlessly without rebuilding your app.

We launched our AuthZ service on Product Hunt today! Click this link for a special offer 📣

Postman Collections

With our new Postman Collections, you can get set up with and explore our APIs in minutes. These are generated directly from our OpenAPI definitions to ensure they are always complete and accurate. Let us know what you think!

AuthN - Remember My Device

Multi-factor authentication is a key security feature but temporarily allowing a user to bypass it can make a better experience. With Remember My Device, you can skip a secondary factor after successfully authenticating previously.

Secure Audit Log - Config Cloning

The multiple configuration feature in Secure Audit Log allows users to create and manage multiple configurations within a single project, offering enhanced customization and control over logging and auditing settings. We just added Config Cloning to make it easy to create a new configuration that has a lot in common with one you already have.

Secure Audit Log - Export Audit Logs

We’ve added a new export API that allows you to request a bulk export of the Secure Audit Log records for a given period of time. The call is asynchronous and can take hours to complete depending on the number of records requested. When the request is complete, the download_results API is used to download the exported logs.

Vault - CLI Utility

The pangea-cli command line utility has been getting some love from the engineering team. The latest release improves messages, fixes some minor bugs, and sets the stage for some exciting upcoming features. Install and use it today, and stay tuned for more to come.

To keep up with all of the changes and updates on the platform, visit our change log.

👇 Pango's Picks

Pangea signs CISA’s Secure-by-Design Pledge

We're proud to be among the 68 vendors that signedCybersecurity and Infrastructure Security Agency's Secure by Design pledge at RSAC. Cheers towards building a more secure future together!

Pangea CEO Oliver Friedrichs signing the pledge

How to: Passkeys Next.js

In this tutorial, we show you how to leverage Pangea AuthN’s hosted pages to be able to quickly configure passkeys without building all the cryptographic mayhem from scratch. Just start with a fresh new NextJs app and implement passkeys in a few steps.

How to: Passkeys Django

In this tutorial, we show you how to leverage Pangea AuthN’s hosted pages to be able to quickly configure passkeys without building all the cryptographic mayhem from scratch. Just start with a fresh new Django app and implement passkeys in a few steps.

Do Passkeys Solve the Deployability Issue?

Managing traditional security tokens like RSA Tokens and Yubikeys has been cumbersome and prone to loss, complicating deployment for administrators and usage for users. Scaling up with hard tokens becomes impractical, while alternatives like security questions pose weaker defenses. Passkeys offer a promising solution, balancing usability and security effectively.

Your Devs Want Effortless Auth

In Ambassador’s latest podcast, our PM, Keith Casey, speaks about authentication and #authorization as crucial aspects of building secure and reliable distributed systems. Listen in to figure out how to give your devs the effortless auth they're seeking. 🎧

Securathon Showdown Winners

Our hackathon competition wrapped up in early May and we announced the winners! If you’re interested in seeing examples of Pangea services being used in applications, check out this blog that includes demos for prize-winning projects.

📚 Secure by Design Education Hub

Developers of all levels can grow their security knowledge and keep up with all the latest in cybersecurity.

Securing Secrets in Apps: Storage and management

Comprehensive secrets management solutions are integral to reducing associated risks and should be considered a cornerstone of core infrastructure. In this article, we delve into various secret storage and management options, discuss strategies for selecting and implementing these solutions, and explore approaches for integrating secrets into software.

The Developer’s Case for Secure by Design

Embracing the Secure by Design approach establishes a foundation that yields various benefits for developers, organizations, and customers/end-users alike. This article highlights some key benefits to app creators and their organizations. Together, these suggest that it is worth any needed initial investment.

📅 Upcoming Events

KCDC – June 26-28

Developer advocate, Vanessa Villa, will be presenting “Software Development, Security, and Compliance” on Thursday 2:30-3:30pm

THAT Conference WI – July 29-August 1

Dev Advocate, Pranav Shikarpur, and PM, Keith Casey, will be presenting throughout the conference and giving custom demos at our booth. Don’t miss the fun!

View more news & events on our website