Security

Check out this comprehensive site-to-site VPN guide. Site-to-site VPN provides secure connections for distant offices and networks.

ngrok's developer-defined API gateway introduces support for JWT validation. Learn about ngrok's implementation and how to add JWT validation to your API endpoints.

Read about how we have improved our firewall and created an open-source Firewall Toolkit in the process.

Webhooks are extremely useful for staying up to date with changes in other systems but are they secure? This post will guide you through some steps to ensure the webhooks you consume are valid.

We strive to take ingress off developers’ plates with our platform and that requires making security-focused features accessible and easy to use. Today, I'm proud to announce an important step in that direction: we're adding our security features — OAuth and Webhook validation — to our free plan.

Phishing attacks are one of the most common attacks on the internet, and ngrok is committed to actively trying to stop them.

Are you getting that dreaded "Unknown publisher" message in Windows? Read on to learn about properly signing your releases in simple, repeatable ways.

Today, we are adding additional visibility for users logging into your application through our edge. Now you can see your application users in the ngrok dashboard and view their identity details. In this blog, I'll explain why this feature is a huge win for security and how you can take advantage of it today.

Webhooks are the foundation of modern API development. They enable us to react to changes in our systems, an incoming text message, a successful payment, or that latest pull request no matter our stack. While webhooks are universal in concept, they are unstandardized API contracts with few organizations paying attention to their design, security controls, and overall operational experience.

Even the best developers tools need to integrate with the systems and processes that protect your organization. With Dashboard Single Sign-On, ngrok is one of them!

We’re excited to announce that we have successfully completed the System and Organizational Controls (SOC) 2 Type 2 testing with no findings. Read more for more information.

Securing your environment is challenging in the best of times. With ngrok, you can centralize management to ensure policies are applied consistently, no matter the stack.

While ngrok has made it easy to launch your fantastic new app online in one line, bad actors have also used this capability to launch their own attacks. Blocking and eliminating this malicious behavior is key to what we do and we've taken another step to protect users without breaking legitimate applications.

In this post, I cover the different methods you can use for authenticating traffic with ngrok, including OAuth and OpenID Connect.

Launching the ngrok security and trust portal is another step to towards transparency in how we approach the security of the ngrok service, our shared security model, how we handle data, and the steps we take to protect it.

Last week, we fixed a multi-tenancy bug in the ngrok dashboard’s caching layer that unintentionally leaked data between a small subset of ngrok accounts when they viewed the ngrok dashboard. This bug affected less than 5% of ngrok’s active users. We have contacted all accounts affected by the bug directly via email with instructions for remediation.

How to run ngrok with Slack webhook authentication? How to use GitHub OAuth? How to serve files? This cheat sheet shows the main commands! Print it and hang it on your wall or download it and keep it on hand.

In this post, we navigate some of the best practices, key considerations, and features provided by ngrok for production scenarios

Learn how to use ngrok Cloud Edge middleware to address app requirements – such as observability, load balancing, compression, and security – fast and without the burden of running and maintaining a middleware infrastructure.

ngrok Secure Tunnels provides a simple to enable remote access to systems. With one command— i.e. `ngrok http 80` — you can share your apps, APIs, and systems with the world, without complex network configuration, reliability issues, and NAT. However, with power comes great responsibility so let's add OAuth 2.0

We’re excited to announce that we have successfully completed the System and Organizational Controls (SOC) 2 Type 1 examination establishing controls and safeguards within ngrok.