· One min read
Aditya Kajla

Here's what we've been up to in April:

New dashboard homepage

We've added a brand new homepage to the Warrant dashboard that contains all your monthly API metrics, including the total number of calls, authorizations, users and tenants.

· 2 min read
Karan Kajla

Today, I'm excited to launch our newest feature! 🎉 The Warrant Self Service Dashboard is a prebuilt, Warrant-hosted page where your customers can manage their own roles & permissions (think Stripe Checkout for user roles & permissions). Built on top of our core Authorization API, the Self Service Dashboard is fast, flexible, and easy to set up.

· 2 min read
Aditya Kajla

Here's what we've been up to in February:

Enterprise-grade authz

Over the past several weeks, we've been hard at work augmenting and reinforcing our back-end infrastructure. The result is a much more scalable authz service that is globally distributed with ~50% better query latency. There's more to come on this front, but reach out to us if you have any questions about our enterprise roadmap.

· One min read
Aditya Kajla

Happy new year! Here's what we've been up to in January:

New year, new look

As you can probably tell, we've updated our look! Check out our new website and dashboard.

Awesome-authorization

We've realized that good authz resources and content are hard to come by, so we put together a curated 'awesome-authorization' list of our fav articles and resources on GitHub. Check it out, star it and feel free to add your favs!

· 2 min read
Aditya Kajla

Here's what we've been up to in December:

Ruby SDK

By popular demand, the official Warrant Ruby SDK is now available.

Dashboard updates

Some minor updates to the dashboard this month, including the ability to add user-friendly and identifiable usernames for each of your users.

· 3 min read
Karan Kajla

I'm excited to announce that Warrant now has built-in support for Role Based Access Control! 🥳 RBAC is one of the most widely used forms of access control, so we wanted to make it as easy as possible for developers to add robust RBAC to their apps. We also know that access control isn't a "set it and forget it" type of problem. Applications evolve over time, whether it's through new features or other changes, so we've made some major updates to the Warrant Dashboard to make it easier to manage RBAC in a live application.

· 9 min read
Karan Kajla

Insecure Direct Object Reference (shortened as IDOR) is one of the most common forms of broken access control, which OWASP recently listed as the number one application security issue in 2021. A quick search for "IDOR" on HackerOne's Hacktivity feed shows that many top tech companies (and even the U.S. Department of Defense) have fallen victim to IDOR, in some cases paying out well over $10,000 per bug bounty. In this post, I'll explain what IDOR is, what causes it, and ways to protect your application against it.

· 2 min read
Aditya Kajla

Here's what we've been up to in November:

Native, built-in support for RBAC

By popular demand, 'group' is now a pre-installed object type. Groups can be used to easily group users and implement role-based access control.

Dashboard updates

Lots of usability improvements and new functionality in the dashboard, including a new onboarding flow with pre-filled code snippets that you can copy and paste directly into your code. You can also completely manage your app's object types and warrants from the dashboard and perform test access checks to verify your work.

· 6 min read
Aditya Kajla

The topic of authorization has seen a recent resurgence in interest from developers and security folks alike. The OWASP Foundation, a trusted voice on web application security, just updated its Top 10 Web Application Security Risks and for the first time rated 'Broken Access Control' as the top vulnerability facing developers. Also this year, Airbnb, Carta, and Intuit each separately published deep-dives detailing their newly built internal authorization services.

Authorization is by no means a new security concept. So why this renewed attention to it? In this post, we’ll look at authorization as it stands today, what's changed in the landscape, and go over some best practices developers should follow.