Engineering posts about Authorization
Curated summaries and key learnings for engineers working with Authorization.
Managed OAuth for Access: make internal apps agent-ready in one click
The article outlines Cloudflare's implementation of Managed OAuth to enhance access for internal applications, allowing agents to authenticate seamlessly. It describes the challenges faced when...
Securing non-human identities: automated revocation, OAuth, and scoped permissions
The article addresses the critical need for securing non-human identities in software development, particularly in the context of agentic AI systems. It outlines the risks associated with credential...
Privacy-first connections: Empowering social experiences at Airbnb
The article outlines Airbnb's approach to enhancing user privacy through the implementation of context-aware profile IDs that decouple user identities from their public profiles. By separating...
Dynamic, identity-aware, and secure Sandbox auth
The article explores the implementation of dynamic, identity-aware authentication mechanisms for sandbox environments, emphasizing the use of outbound Workers to enhance security and control over...
Enhancing Security with User-Specific Access Keys for DigitalOcean Functions
The article outlines a significant update to DigitalOcean Functions, transitioning from a shared credential model to user-specific access keys. This change enhances security by ensuring that access...
Agentic AI Security: New Risks and Controls in the Databricks AI Security Framework (DASF v3.0)
The Databricks AI Security Framework (DASF) has been updated to include Agentic AI as its 13th component, introducing 35 new technical security risks and 6 mitigation controls tailored for the...
Active defense: introducing a stateful vulnerability scanner for APIs
The article introduces Cloudflare's new stateful vulnerability scanner designed specifically for APIs, addressing the limitations of traditional defensive security measures. It highlights the...
Fixing request smuggling vulnerabilities in Pingora OSS deployments
The article addresses critical HTTP/1.x request smuggling vulnerabilities identified in the Pingora open source framework, particularly when deployed as an ingress proxy. It outlines the nature of...
Stop reacting to breaches and start preventing them with User Risk Scoring
The article presents a proactive approach to cybersecurity by integrating User Risk Scoring into zero trust network access (ZTNA) policies. It outlines how Cloudflare One's platform allows security...
Moving from license plates to badges: the Gateway Authorization Proxy
The Gateway Authorization Proxy is a solution designed to enhance security by shifting user identity verification from devices to the network level. It utilizes Cloudflare's global infrastructure to...
Toxic combinations: when small signals add up to a security incident
The article explores the concept of 'toxic combinations' in cybersecurity, where seemingly harmless signals can converge to create significant security incidents. It highlights how minor...
React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques
The article discusses the React2Shell vulnerability (CVE-2025-55182), a critical Remote Code Execution (RCE) flaw affecting React Server Components (RSC). Following its disclosure, the Cloudforce One...