Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Bearer and Trace announce industry partnership

Bearer has partnered with Trace to help companies leverage the best of services and software and build a connected compliance program. Bearer is innovating data risk assessments to build intelligence and stack visibility at scale, while the Trace team brings decades of client-led professional services experience in privacy and data security. Together, the two companies bring the best blend of human and tech capabilities to shape the future of compliance.

Why authorization and authentication are important to API security - and why they're not enough

The number of machine identities for which organizations are responsible has “exploded” in recent years, according to Security Boulevard. These machine identities include devices and workloads. But they also include application programming interfaces (APIs). Organizations use APIs to connect the data and functionality of their applications to those managed by third-party developers, business partners, and other entities, per IBM.

Why Hotwire in 2021

Our product has been through many changes over the years. Both from a market standpoint, but also technically. Over the last year we’ve simplified our architecture and moved away from a traditional Javascript single page application (SPA) and gone back to our Rails roots. Here’s the story of why we chose Hotwire, what it’s allowed us to do, and where we hope to see it in the future.

Phishing operators abuse bank APIs to improve phishing TTPs

True Login phishing kits are continuously being developed by threat actors to improve their TTPs in luring victims. By using true login kits, the phishing operators have a higher chance of making potential victims believe they are logging into the real website. True login kit developers are abusing publicly available APIs of the banking company to be able to query login information to be shown to potential victims, in turn luring the victim even further into the operations.

Introducing Bearer inventory

The engineering organization of companies building modern cloud applications can get incredibly complex. Security teams are caught between the explosive growth of engineering teams and the fragmentation of software architecture. As a result, it can be a challenge to get a clear, complete and up-to-date view of engineering components. Bringing clarity about the software architecture is the first step to enable you to assess and remediate data security risks properly.

How and why we built Masked Email with JMAP - an open API standard

Our core values as a company center around our users’ privacy, security, and satisfaction. While developing Masked Email – our integration with Fastmail that lets users create new, unique email addresses without ever leaving the sign-up page – we needed a technology that brought all three values together.

How adopting an OKR process has helped the Bearer team stay aligned

Keeping a team aligned isn’t easy. Not every meeting can possibly include every single team member, and updating a multitude of Notion pages with all the details regarding every discussion is an entire project in itself. The data that informs decisions is shared to separate groups of people, many of which don’t necessarily work closely together.

Kong Mesh and Styra DAS - securing modern cloud-native applications

Back at KubeCon North America 2017, many speakers declared that 2018 would be “The Year of the Service Mesh”. Just a year later, in the 2019 CNCF Survey1, it was reported that 18% of surveyed organizations were using a service mesh in production, and by 20202 (the most recent survey published at the time of this writing) that number rose to 27%.

gRPC-web: Using gRPC in Your Front-End Application

At Torq, we use gRPC as our one and only synchronous communication protocol. Microservices communicate with each other using gRPC, our external API is exposed via gRPC and our frontend application (written using VueJS) uses the gRPC protocol to communicate with our backend services. One of the main strengths of gRPC is the community and the language support. Given some proto files, you can generate a server and a client for most programming languages.