“Demystifying SOC2 for Engineers”

JumpWire Engineering Blog

Get updates directly to your inbox.
Sign up for our newsletter.

Security Workshop Part 1 - Put up a gate

Security doesn't have to live in applications directly, often the best defenses come from how application architecture is designed. In this post, we highlight the API gateway as an architecture layer that creates defense in depth and helps to mitigate application security failures.

Announcing JumpWire Community Edition

JumpWire has released an open-source Community Edition, free for anyone to use. It supports popular features such as database access via SSO, application-level field encryption, and group access privileges.

JumpWire is back at fintech_devcon

JumpWire will be participating in fintech_devcon 2023, this year as a sponsor! Last year's event was a highlight, and this year we will run a workshop on security for developers.

Why use field level encryption?

The benefits of field-level encryption is often misunderstood, as many developers don't fully understand its benefit to application security. In this post, we outline why this technique is critical to building systems that are impervious to data leaks.

Securing Serverless - Working with data

In part two of our series on securing serverless, we show how to protect data that needs to be used by a backend, either in queries or application business logic. These are scenarios where decrypting the data before processing is too much overhead, and limits the ability to use the database engine for computation.

Proxies for Security and Profit

Security is often viewed as a "cost" of doing business, but what happens when a new customer deal gets blocked due to data sharing concerns? This post outlines how to extend your security controls to cover your customer's objections.

Previous posts

Strategy of Security by Cole Grolmus

Cole Grolmus interviews Ryan Cooke about data security, JumpWire, and asks the hard question... why encrypt?

Securing Serverless - Building with Neon.tech

Serverless databases are having a moment, as developers ditch managing infrastructure but don't want to give up SQL. But does adopting an internet-facing database mean our applications are inherently less secure?

Anatomy of a Hack - SolarWinds edition

An technical dive into the biggest supply chain hack of all time, illustrating how attackers infected a popular monitoring tool with a backdoor without anyone noticing.

How to Run a CTF

Running a security CTF event takes a lot of work. This explanation of how we planned and hosted our CTF at Shmoocon 2023 dives into the details behind our infrastructure, as well as what happened during the live event.

Announcing HTTP Proxy beta

JumpWire is launching an HTTP proxy as a beta release, the most significant upgrade their data security platform to date. Fully compatible with the database proxy, this feature can transform any application into a secure data vault.

Svelte Without Kit

This post describes how to use Svelte as a standalone app, outside of the full-fledged app framework SvelteKit. The framework brings a lot of benefits, such as routing and SSR, but often a setup using a lightweight server backend such as node is better for simple projects.

JumpWire is heading to ShmooCon

JumpWire will be participating in ShmooCon as a sponsor! This has been our personal favorite hacker conference in the past, and we look forward to seeing everyone at our booth.

Announcing General Availability of Clusters

JumpWire moved Clusters to general availability for all customers, to enable multi-node deployment options, policy testing and promotion, and a preview of an upcoming feature.

E2E Reactivity using Svelte with Phoenix LiveView

Svelte's reactive component properties beautifully combine with LiveView's web socket assignments and state management, to create web applications that are reactive from the database to the browser unlike any other.

Compromises of AWS server-side encryption

This post outlines how encryption is used as a data security measure, and examines "server-side encryption" in Amazon Web Services to highlight how it fails to implement those safeguards.

DBConnection Pooling Deep Dive

A deep dive on how pooled connections work in the Elixir DBConnection library.

Announcing our free self-service tier

JumpWire is pleased to announce the availability of our free self-service tier, for teams to try the platform in a dev environment or to run in small production setups with a single database or API.

Trade-offs in early company building - security edition

A discussion of early company building that lays out a framework for investing in security that is not reactive to customer inquiries, audits or incidents.

Anatomy of a Data Leak - Capital One edition

An in-depth analysis of a 2019 data breach affecting 100+ million customers of the U.S. bank Capital One, specifically how it exposed complicated risks inherent in cloud security.

In-Memory Distributed State with Delta CRDTs

How to utilize delta conflict-free replicated data types for managing distributed cache or configuration state on an Elixir cluster.

SvelteKit Path Based Navigation

This post describes how to leverage rich, dynamic path-based navigation using SvelteKit to manage state in Svelte Components, building on the routing capabilities and Svelte stores that SvelteKit provides to represent path and navigation state.