Blog

Company Updates & Technology Articles

A CISO Perspective on the Importance of Separating Authorization Policy and Application Code

In this post, we cover how treating authorization policy as code allows information security and application teams to enforce strong separation of duties in multiple areas.

RBAC vs ABAC: pros, cons, and example policies

RBAC and ABAC are two popular models for securing access to resources. Both models have their merits and both have limitations. Learn all about role-based and attribute-based access control and see example policies in this post.

Jan 11th, 2023

A CISO perspective on Broken Access Control

A CISO view of what Broken Access Control is, why it keeps them up at night, and some strategic priorities your organization can pursue to address and mitigate broken access control threats.

Jan 4th, 2023

Goodbye Open Policy Registry, Hello Open Policy Containers!

Open Policy Containers (OPCR) is now a CNCF Sandbox project, and it’s time to sunset the Open Policy Registry!

Dec 30th, 2022

How to avoid Broken Access Control vulnerabilities

Broken Access Control vulnerabilities are pervasive. This post explores three techniques that can be combined to create secure-by-default applications that can avoid or eliminate Broken Access Control vulnerabilities.

Dec 21st, 2022

How Google Drive models authorization

Zanzibar is Google's centralized access control system. Learn more about this common authorization solution that has high availability, low latency, and the flexibility to deliver fine-grained access control for every Google service (e.g. Gmail, Drive, YouTube, Calendar, etc.).

Dec 15th, 2022