Spotlight

It's not worth gambling on data privacy of your users

Why companies gamble on user data privacy

Despite GDPR, we still hear about embarrassing data leaks, often at big tech companies. What is so difficult about protecting your users data? Turns out, it's just business...

Authorization may seem simple but always ends up more complex than you guess

So you want to build your own authorization?

When writing new software, it's hard to notice complexity creeping in. Authorization is one of the aspects where things start deceptively simple and before you notice, you end up in a zoombombing scandal.

What's the difference between authentication and authorization?

To authenticate or to authorize - what is the difference?

Authentication vs authorization - which one is which? Even experienced software developers confuse the two. Let’s make it crystal clear once and for all - what is the difference and why it matters.

Case studies

Zoombombing - a case study of data protection

Zoombombing is a relatively recent phenomenon, although underlying causes aren't new. In this case study, I take a look at what went wrong and how a company can protect itself from similar issues.

Technical help

Getting started with Authress

All you need to start using Authress, explained step by step.

Authress API - billing, caching, and rate limiting

Details on billing scenarios, response caching, and route rating limiting for Authress API.

Choosing the right error code 401, 403, or 404

Here we’ll break down the most common HTTP error responses used for the purposes of API security.

How to secure a multitenant application architecture

Get help creating an application where multiple users share one account.

Choosing the best access control strategy

A comparison of different access control strategies such as role-based access control (RBAC) and others, using a simple document repository as a example.