Security

Explore how ngrok enhances AI development by enabling secure, direct access to customer data, ensuring data integrity and privacy.

Explore vulnerability management in cloud apps, focusing on SaaS accessing customer databases in BYOC environments, with security and compliance insights.

ngrok's developer-defined API gateway introduces support for JWT validation. Learn about ngrok's implementation and how to add JWT validation to your API endpoints.

This blog post provides a guide on securing a Node.js CRUD app by integrating the ngrok JavaScript SDK for stable domain setup and implementing OAuth through Google for user authentication and authorization.

Read about how we have improved our firewall and created an open-source Firewall Toolkit in the process.

Introducing ngrok Account Domain Controls: Unify user accounts, enforce policies, and secure ngrok usage with ease.

Learn how ngrok secures your production infrastructure using MFA and Time-Based One Time Passwords (TOTP).

Enhance network security with various authentication methods at the network edge. Thwart unauthorized access and minimize attack surfaces.

Adding auth to applications seems easy at the surface, but it can quickly become a source of frustration once you need to deliver a production-grade solution with features for end-users — i.e. self-service sign-ups, account recovery, and social auth for multiple platforms — and for security — i.e. audit trail, live session management, and authorization policies. In this post, I'll integrate ngrok to Auth0 and solve for these challenges.

While ngrok is useful to run along side your app, what happens when you embed it into your app and start activating OAuth, webhook verification, load balancing, and more?

We strive to take ingress off developers’ plates with our platform and that requires making security-focused features accessible and easy to use. Today, I'm proud to announce an important step in that direction: we're adding our security features — OAuth and Webhook validation — to our free plan.

Phishing attacks are one of the most common attacks on the internet, and ngrok is committed to actively trying to stop them.

Today, we are adding additional visibility for users logging into your application through our edge. Now you can see your application users in the ngrok dashboard and view their identity details. In this blog, I'll explain why this feature is a huge win for security and how you can take advantage of it today.

I've worked with OAuth 2.0 for over 6 years. It's always been a complex and challenging beast to fight until now.

Securing your environment is challenging in the best of times. With ngrok, you can centralize management to ensure policies are applied consistently, no matter the stack.

In this post, I cover the different methods you can use for authenticating traffic with ngrok, including OAuth and OpenID Connect.

Last week, we fixed a multi-tenancy bug in the ngrok dashboard’s caching layer that unintentionally leaked data between a small subset of ngrok accounts when they viewed the ngrok dashboard. This bug affected less than 5% of ngrok’s active users. We have contacted all accounts affected by the bug directly via email with instructions for remediation.

Learn how to use ngrok Cloud Edge middleware to address app requirements – such as observability, load balancing, compression, and security – fast and without the burden of running and maintaining a middleware infrastructure.

ngrok Secure Tunnels provides a simple to enable remote access to systems. With one command— i.e. `ngrok http 80` — you can share your apps, APIs, and systems with the world, without complex network configuration, reliability issues, and NAT. However, with power comes great responsibility so let's add OAuth 2.0