Or Weis
5 best practices for building cloud-native permissions
Cloud-native / microservice-based products are complex. Building access control and managing permissions for them is only getting worse by the pull request.
Or Weis
Cloud-native / microservice-based products are complex. Building access control and managing permissions for them is only getting worse by the pull request.
Daniel Bass
Centralized IAM, and the benefits of implementing it in your organization.Â
Daniel Bass
What changed, both in terms of the challenges and the solutions, and how we can adapt to these changes?
Oded Ben David
A guide to figuring out which data fetching method is best for you, with full knowledge of each methodâs âGood, Bad, and Uglyâ aspects.
Jason Bloomberg
An Intellyx BrainBlog by Jason Bloomberg, for Permit.io
Raz Cohen
Understanding the balance between a good experience for the development team and minimizing security risks - and the best practices for achieving it.
Or Weis
Cloud-based SaaS solutions need multi-tenancy. What is Multitenancy? What we can gain from it? How to easily implement it with two simple layers?
Jason English
An Intellyx BrainBlog for Permit.io by Jason English
Daniel Bass
Access control is a must in evey app, yet most developers build and rebuild it time and time again. Why? Usually, they make one of these four crucial mistakes -
Or Weis
What is Policy as Code, what are the benefits of implementing it, and how can we allow different stakeholders access to it?
Or Weis
The DRACC framework is a DevSecOps methodology which allows mapping the security posture of your application in a communicative, comprehensive way.
Or Weis
Every developer building an app faces the challenge of AuthZ. RBAC, ABAC, multitenancy, invites, approval flows - How do you pick the best service for it?
Daniel Bass
5 key factors for effective & scalable app authorization: simplicity, flexibility, compliance & more.
Filip Grebowski
OPAL, an open-source project, complements and enhances OPA and is already being used by companies like Tesla, Cisco, and the NBA.
Or Weis
The recent #BingBang vulnerability discovered by the Wiz team proves once again how crucial implementing proper authorization is.
Daniel Bass
Access Control is a main concern when developing web applications - and the NSA has a lot to say about it, especially the biggest pitfall developers make.Â
Gabriel L. Manor
Best practices for implementing authorization in a microservices architecture. Learn how to create a better access control experience with Permit.io.
Filip Grebowski
Explore 4 app building blocks: Authentication, Authorization, Databases & Payments. Use existing solutions for faster development & user trust.
Daniel Bass
Preventing broken access control vulnerabilities: a CISO's perspective on the components and importance of proper permission management for cloud-native apps.
Gabriel L. Manor
Learn the best practices for implementing GitOps in your software development cycle. Read our article and adopt GitOps today to streamline your workflow.
Or Weis
The launch of AWS' OSS - Cedar is a tectonic shift in the IAM space. Permit.io supports with OPAL and Cedar-Agent.
Or Weis
What are the benefits of policy as code, and how does OPA's Rego language differ from AWS' new Cedar policy language?
Daniel Bass
Migrating from Role-based access control (RBAC) to Attribute-based access control (ABAC) can prove quite challenging - here's how you can do it painlessly.
Daniel Bass
AWS' new Cedar policy language is now open-source and live! See how you can make the best use of it with Permit.io
Daniel Bass
The latest OWASP "Top 10 API Security Risks" report once again lists "Broken Object Level Authorization" as its top 1 vulnerability. What can be done about it?
Filip Grebowski
A guide to securing your Nest.js API endpoints with Role Based Access Control (RBAC) and enhancing them with Attribute Based Access Control (ABAC).
Gabriel L. Manor
Discover best practices for authorization in Python applications. Avoid anti-patterns and create better access control with RBAC and ABAC implementations.
Daniel Bass
Why and how you should enhance your application's security and compliance with authorization audit logs.
Daniel Bass
Having an authorization layer is a must. But should you build one yourself?
Daniel Bass
Authorization as a Service provides a solution for managing user access and permissions in applications. Learn when you might want to consider such a service, how it can streamline your authorization implementation, and simplify permission management.
Daniel Bass
Choosing the right policy agent to handle your authorization is not a simple task - each offers its benefits and has its drawbacks. How to choose? Read here.
Daniel Bass
Learn from a real case study how to Shift-Left in a way that will impact the product's security. Minimize friction between security and development teams.
Daniel Bass
We just launched our developer tool on Product Hunt and got 'Product of the Day'. Here's how we did it. Some useful growth hacking tips.
Daniel Bass
"Shift-Left" is great, but often results in endless tasks and tools for devs instead of addressing the real issues. How can we avoid it? Implement good DevEx.
Daniel Bass
Learn how, when, and where to use OAuth scopes for authorization. Get a clear understanding of OAuth scopes definition and their proper usage.
Daniel Bass
Protecting your user's personal medical information is vital in healthcare apps. Here's how to make sure you're doing everything to keep that data safe -
Daniel Bass
Learn how to implement proper authorization for a healthcare app with the help of Galactic Health Corporation - a Rick & Morty inspired healthcare application.
Daniel Bass
Learn how Reddit built its advanced Ad Tech authorization system with Open Policy Agent (OPA) and how you can build one yourself with OPAL!
Daniel Bass
Discover best practices for authorization in REST API. Learn about API authorization layers, actors, tools like Permit.io and OPAL.
Gabriel L. Manor
Explore best practices for authentication and authorization in API with clear, practical examples. Including a differentiation guide, and helpful code tips.
Gabriel L. Manor
Explore comprehensive strategies for API Security in our guide, focusing on best practices in authentication, authorization, and safeguarding applications.
Gabriel L. Manor
Explore the process of implementing Role-Based Access Control (RBAC) in applications with policy as code, enhancing security and scalability.
Daniel Bass
If you've worked on authorization before, you know that sometimes standard policy models just aren't enough. What can we do then? Let's find out -
Or Weis
Learn how we use a policy-as-code platform to create a successful engineering culture of authorization and access control.
Maya Barak & Daniel Bass
Explore how Access Request APIs simplify user access management in apps, making them efficient and adaptable to changing user requirements.
Daniel Bass
10 topics, 45 questions: Authorization is part of every appâhere are the questions you NEED to ask yourself before you implement this critical security feature
Daniel Bass
Learn how to build cloud-native authorization systems with CI/CD, thorough testing, and precise modeling and implementation.
Daniel Bass
Learn best practices for managing user roles and access delegation and how to implement a cascading authorization model to enhance your app's access control.
Daniel Bass
Discover how Discord built "Access!" - a secure, user-friendly portal for managing authorization, and what should you use to cover your entire user stack.
Daniel Bass
Attribute-Based Access Control (ABAC) and Relationship-Based Access Control (ReBAC) - how to make the most suitable choice for your application?
Gabriel L. Manor
Discover how AI and authorization intersect. Learn to manage GenAI bots securely with fine-grained authorization using tools like Permit.io and Arcjet.
Daniel Bass & Gabriel L. Manor
Developer conferences are a great way to get more eyes on your startup. In this guide, we cover everything we learned about making the most out of them
Gabriel L. Manor
Learn how to implement hybrid cloud security using the multi-layer approach. Explore best practices with practical examples of IAM security and authorization.
Daniel Bass
Learn how to use JWT for authorization, understand the basics of what JWT is, and explore examples of proper JWT usage in authentication and authorization.
Daniel Bass
Today, we are excited to announce the launch of Permit.ioâs latest feature: Permit Share-If.
Gabriel L. Manor
Discover top open-source auth projects enhancing application security, including Hanko, Supabase, and OPAL, for robust authentication and authorization.
Gabriel L. Manor
Learn what the latest Arc Browser vulnerability can teach us about the proper usage of row-level security.
Gabriel L. Manor & Daniel Bass
Discover how AI Identity is transforming Identity and Access Management (IAM). Learn to tackle hybrid identities, dynamic permissions, and proactive security with practical implementations.
Gabriel L. Manor & Daniel Bass
Learn how AI identity security is reshaping Identity and Access Management (IAM) and how to tackle these changes with proactive identity security.