
· One min read
Aditya Kajla

Here's what we've been up to in February:

Enterprise-grade authz

Over the past several weeks, we’ve been hard at work augmenting and reinforcing our back-end infrastructure. The result is a much more scalable authz service that is globally distributed with ~50% better query latency. There’s more to come on this front but reach out to us if you have any questions about our enterprise roadmap.

· One min read
Aditya Kajla

Happy new year! Here's what we've been up to in January:

New year, new look

As you can probably tell, we've updated our look! Check out our new website and dashboard.

Awesome-authorization

We've realized that good authz resources and content are hard to come by, so we put together a curated 'awesome-authorization' list of our favorite articles and resources on GitHub. Check it out, star it, and feel free to add your own favorites!

· One min read
Aditya Kajla

Here's what we've been up to in December:

Ruby SDK

By popular demand, the official Warrant Ruby SDK is now available.

Dashboard updates

Some minor updates to the dashboard this month, including the ability to add user-friendly and identifiable usernames for each of your users.

· 2 min read
Karan Kajla

I'm excited to announce that Warrant now has built-in support for Role Based Access Control! 🥳 RBAC is one of the most widely used forms of access control, so we wanted to make it as easy as possible for developers to add robust RBAC to their apps. We also know that access control isn't a "set it and forget it" type of problem. Applications evolve over time, whether it's through new features or other changes, so we've made some major updates to the Warrant Dashboard to make it easier to manage RBAC in a live application.

· 8 min read
Karan Kajla

Insecure Direct Object Reference (shortened as IDOR) is one of the most common forms of broken access control, which OWASP listed as the number one application security risk in its 2021 Top 10. A quick search for "IDOR" on HackerOne's Hacktivity feed shows that many top tech companies (and even the U.S. Department of Defense) have fallen victim to IDOR, in some cases paying out well over $10,000 per bug bounty. In this post, I'll explain what IDOR is, what causes it, and ways to protect your application against it.

· 2 min read
Aditya Kajla

Here's what we've been up to in November:

Native, built-in support for RBAC

By popular demand, 'group' is now a pre-installed object type. Groups can be used to group users and implement role-based access control.

Dashboard updates

Lots of usability improvements and new functionality in the dashboard, including a new onboarding flow with pre-filled code snippets that you can copy and paste directly into your code. You can also fully manage your app's object types and warrants from the dashboard and run test access checks to verify your configuration.

· 5 min read
Aditya Kajla

The topic of authorization has seen a recent resurgence in interest from developers and security folks alike. The OWASP Foundation, a trusted voice on web application security, just updated its Top 10 Web Application Security Risks and for the first time rated 'Broken Access Control' as the top vulnerability facing developers. Also this year, Airbnb, Carta, and Intuit each separately published deep-dives detailing their newly built internal authorization services.

Authorization is by no means a new security concept. So why this renewed attention to it? In this post, we’ll look at authorization as it stands today, what's changed in the landscape, and go over some best practices developers should follow.

· 7 min read
Karan Kajla

Access Control is the process of allowing (or disallowing) user access to specific resources or actions in a software system. For example, only allowing certain users access to internal admin pages on a website or only allowing paying users access to a premium feature. There are many approaches to implementing Access Control, but Role Based Access Control (RBAC) is one of the most popular and widely used. In this guide, we'll cover a standard way to implement RBAC and discuss some best practices for implementing Access Control in APIs and web applications.
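The two posts summarized on this page, the RBAC guide here and the IDOR post further up, describe two different questions an authorization layer has to answer: "may this kind of user do this kind of thing" (a role check) and "may this particular user touch this particular object" (an object-level check). The following Python sketch is an added example, not code from Warrant or from either post, that puts a minimal RBAC model beside an IDOR-prone handler and its hardened counterpart. All users, roles, permissions and invoices are constructed sample data, and the permission names (`invoice:read`, `invoice:read_any`) are made up for the illustration.

```python
"""
Added example (not Warrant's code): a minimal RBAC model plus an
object-level ownership check, showing why a role check alone does not
stop IDOR. All users, roles, permissions and invoices are constructed
sample data; the permission names are assumptions made for this example.
"""

# Role -> set of permissions (constructed sample policy)
ROLE_PERMISSIONS = {
    "admin":  {"invoice:read", "invoice:write", "invoice:read_any"},
    "member": {"invoice:read", "invoice:write"},
    "viewer": {"invoice:read"},
}

# User -> roles (constructed)
USER_ROLES = {
    "alice": {"member"},
    "bob":   {"member"},
    "carol": {"viewer"},
    "dave":  {"admin"},
}

# Invoice id -> record. The id is the "direct object reference" a client
# can tamper with in a URL such as /invoices/1001 (constructed).
INVOICES = {
    1001: {"owner": "alice", "amount": 120.00},
    1002: {"owner": "bob",   "amount": 75.50},
}


class Forbidden(Exception):
    """Raised when an access check fails."""


def has_permission(user: str, permission: str) -> bool:
    """RBAC check: does any of the user's roles grant this permission?"""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


def get_invoice_vulnerable(user: str, invoice_id: int) -> dict:
    """IDOR-prone handler: verifies the caller's *role* but then trusts the
    client-supplied id. Any 'member' can read any invoice by changing it."""
    if not has_permission(user, "invoice:read"):
        raise Forbidden(f"{user} lacks invoice:read")
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise KeyError(invoice_id)
    return invoice


def get_invoice_hardened(user: str, invoice_id: int) -> dict:
    """Hardened handler: the same RBAC check followed by an object-level check.
    A user may read an invoice only if they own it or hold invoice:read_any."""
    if not has_permission(user, "invoice:read"):
        raise Forbidden(f"{user} lacks invoice:read")
    invoice = INVOICES.get(invoice_id)
    # Refuse "missing" and "not yours" identically so a caller cannot
    # enumerate valid ids by telling a 403 apart from a 404.
    if invoice is None or not (
        invoice["owner"] == user or has_permission(user, "invoice:read_any")
    ):
        raise Forbidden(f"{user} may not read invoice {invoice_id}")
    return invoice


def can_read(handler, user: str, invoice_id: int) -> bool:
    """True if the handler returns the invoice, False if it refuses."""
    try:
        handler(user, invoice_id)
        return True
    except (Forbidden, KeyError):
        return False


if __name__ == "__main__":
    # bob, a legitimate member, tampers with the id to read alice's invoice.
    print("vulnerable:", can_read(get_invoice_vulnerable, "bob", 1001))  # True
    print("hardened:  ", can_read(get_invoice_hardened, "bob", 1001))    # False
    print("admin:     ", can_read(get_invoice_hardened, "dave", 1001))   # True
```

The vulnerable handler is the shape most IDOR reports describe: the role check passes for every member, so the only thing standing between bob and alice's invoice is a guessable integer. The hardened handler adds the per-object relationship (owner, or a role that is explicitly allowed to read anything) and collapses the "missing" and "not permitted" cases into one refusal.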

· 3 min read
Aditya Kajla

At Warrant, we're building APIs and infrastructure to help developers add authorization and access control to their apps in less than 20 lines of code. Warrant handles the complexity of managing authorization so engineering teams can focus on building their core products.
