Security

Ingress controllers and API gateways have some overlapping functionality, and this post helps you know when to use one over the other—or both!

Explore how ngrok enhances AI development by enabling secure, direct access to customer data, ensuring data integrity and privacy.

Check out this comprehensive site-to-site VPN guide. Site-to-site VPN provides secure connections for distant offices and networks.

Explore vulnerability management in cloud apps, focusing on SaaS accessing customer databases in BYOC environments, with security and compliance insights.

ngrok's developer-defined API gateway introduces support for JWT validation. Learn about ngrok's implementation and how to add JWT validation to your API endpoints.

This blog post provides a guide on securing a Node.js CRUD app by integrating the ngrok JavaScript SDK for stable domain setup and implementing OAuth through Google for user authentication and authorization.

Read about how we have improved our firewall and created an open-source Firewall Toolkit in the process.

Introducing ngrok Account Domain Controls: Unify user accounts, enforce policies, and secure ngrok usage with ease.

Learn how ngrok secures your production infrastructure using MFA and Time-Based One Time Passwords (TOTP).

Enhance network security with various authentication methods at the network edge. Thwart unauthorized access and minimize attack surfaces.

Webhooks are extremely useful for staying up to date with changes in other systems but are they secure? This post will guide you through some steps to ensure the webhooks you consume are valid.

Adding auth to applications seems easy at the surface, but it can quickly become a source of frustration once you need to deliver a production-grade solution with features for end-users — i.e. self-service sign-ups, account recovery, and social auth for multiple platforms — and for security — i.e. audit trail, live session management, and authorization policies. In this post, I'll integrate ngrok to Auth0 and solve for these challenges.

While ngrok is useful to run along side your app, what happens when you embed it into your app and start activating OAuth, webhook verification, load balancing, and more?

We strive to take ingress off developers’ plates with our platform and that requires making security-focused features accessible and easy to use. Today, I'm proud to announce an important step in that direction: we're adding our security features — OAuth and Webhook validation — to our free plan.

Phishing attacks are one of the most common attacks on the internet, and ngrok is committed to actively trying to stop them.

Today, we are adding additional visibility for users logging into your application through our edge. Now you can see your application users in the ngrok dashboard and view their identity details. In this blog, I'll explain why this feature is a huge win for security and how you can take advantage of it today.

Webhooks are the foundation of modern API development. They enable us to react to changes in our systems, an incoming text message, a successful payment, or that latest pull request no matter our stack. While webhooks are universal in concept, they are unstandardized API contracts with few organizations paying attention to their design, security controls, and overall operational experience.

I've worked with OAuth 2.0 for over 6 years. It's always been a complex and challenging beast to fight until now.

We’re excited to announce that we have successfully completed the System and Organizational Controls (SOC) 2 Type 2 testing with no findings. Read more for more information.

Securing your environment is challenging in the best of times. With ngrok, you can centralize management to ensure policies are applied consistently, no matter the stack.

While ngrok has made it easy to launch your fantastic new app online in one line, bad actors have also used this capability to launch their own attacks. Blocking and eliminating this malicious behavior is key to what we do and we've taken another step to protect users without breaking legitimate applications.

In this post, I cover the different methods you can use for authenticating traffic with ngrok, including OAuth and OpenID Connect.

Launching the ngrok security and trust portal is another step to towards transparency in how we approach the security of the ngrok service, our shared security model, how we handle data, and the steps we take to protect it.

Learn how to use ngrok Cloud Edge middleware to address app requirements – such as observability, load balancing, compression, and security – fast and without the burden of running and maintaining a middleware infrastructure.

ngrok Secure Tunnels provides a simple to enable remote access to systems. With one command— i.e. `ngrok http 80` — you can share your apps, APIs, and systems with the world, without complex network configuration, reliability issues, and NAT. However, with power comes great responsibility so let's add OAuth 2.0

We’re excited to announce that we have successfully completed the System and Organizational Controls (SOC) 2 Type 1 examination establishing controls and safeguards within ngrok.