Security

Tired of spoofed headers? Use JA4 to fingerprint clients by their TLS handshake and take action with ngrok Traffic Policy.

Are search and AI bots invading your ngrok endpoints? Fight back with three developer-friendly traffic policies you can deploy in minutes.

Need custom certs? Want fast mTLS setup? ngrok’s terminate-tls action gives you complete TLS control from one declarative config.

Secure your endpoints with ngrok’s Basic Auth Traffic Policy, compatible with both interactive and programmatic access to your APIs or apps, in a few minutes.

Mutual TLS (mTLS) with an API gateway can help you meet compliance requirements in industries that demand high security for data transmission.

Understand how ngrok handles your data with advanced security measures, offering clarity and control over your traffic flows and storage.

Ingress controllers and API gateways have some overlapping functionality, and this post helps you know when to use one over the other—or both!

Explore how ngrok enhances AI development by enabling secure, direct access to customer data, ensuring data integrity and privacy.

Check out this comprehensive site-to-site VPN guide. Site-to-site VPN provides secure connections for distant offices and networks.

Explore vulnerability management in cloud apps, focusing on SaaS accessing customer databases in BYOC environments, with security and compliance insights.

ngrok's developer-defined API gateway introduces support for JWT validation. Learn about ngrok's implementation and how to add JWT validation to your API endpoints.

Secure a Node.js CRUD app using the ngrok JavaScript SDK for stable domain setup. Implement OAuth through Google for user authentication and authorization.

Read about how we have improved our firewall and created an open-source Firewall Toolkit in the process.

Introducing ngrok Account Domain Controls: Unify user accounts, enforce policies, and secure ngrok usage with ease.

Learn how ngrok secures your production infrastructure using MFA and Time-Based One Time Passwords (TOTP).

Enhance network security with various authentication methods at the network edge. Thwart unauthorized access and minimize attack surfaces.

Webhooks help applications stay up to date with system changes, but are they secure? We guide you through steps to ensure the webhooks you consume are valid.

Securely add production-grade auth with self-service sign-ups, account recovery, and social auth for multiple platforms - integrate ngrok to Auth0.

ngrok is useful to run alongside your app. What happens when you embed it and start activating OAuth, webhook verification, load balancing, and more?

We're adding our security features — OAuth and Webhook validation — to our free plan.

Phishing attacks are one of the most common attacks on the internet, and ngrok is committed to actively trying to stop them.

See your application users in the ngrok dashboard and view their identity details. This feature is a huge win for security and you can use it today.

Webhooks enable us to react to changes like text messages, successful payments, or pull requests. Few pay attention to their design, security or controls.

I've worked with OAuth 2.0 for over 6 years. It's always been a complex and challenging beast to fight until now.

We’re excited to announce that we have successfully completed the System and Organizational Controls (SOC) 2 Type 2 testing with no findings. Read more for more information.

Securing your environment is challenging. With ngrok, you can centralize management to ensure policies are applied consistently, no matter the stack.

While ngrok has made it easy to launch your fantastic new app online in one line, bad actors have also used this capability to launch their own attacks. Blocking and eliminating this malicious behavior is key to what we do and we've taken another step to protect users without breaking legitimate applications.

In this post, we cover the different methods you can use for authenticating traffic with ngrok, including OAuth and OpenID Connect using Traffic Policy.

The ngrok security and trust portal shares how we secure the ngrok service, our shared security model, how we handle data, and the steps we take to protect it.

Use ngrok Cloud Edge for app observability, load balancing, compression, and security – without the burden of running and maintaining middleware infrastructure.

ngrok Secure Tunnels. With one command share your apps, APIs, and systems with the world, without complex network configuration, reliability issues, and NAT.

We have successfully completed the System and Organizational Controls (SOC) 2 Type 1 examination establishing controls and safeguards within ngrok.