At Clever, we lock down code access to customer data using AWS IAM roles with session policies. In Clever’s microservice AWS architecture, each service has a unique IAM role with access to the AWS resources it needs: S3 buckets, DynamoDB tables, and so on. Our services are multi-tenant and customer data is separated via logical […]
Clever Goals is a new product that tracks students’ educational software usage. It creates progress data, a new type of data for Clever. This sensitive data needs to be protected from unauthorized access, and users should feel in control over how it’s used. How does the Clever security team make sure that new products like […]
Over the past month, Clever worked with CERT to address a vulnerability in our open-source SAML2 library. Clever maintains an open source library implementing the SAML protocol in Node.js known as saml2-js. We use this library internally in our SAML service provider functionality for schools using Clever SSO and the Clever Portal. It is used […]
At Clever, one of our tenets is “Always a Student”, and in that spirit of learning we wanted to share the changes we made to fix memory allocation issues in AWS Elastic Container Service related to swappiness. Swappiness is a Linux Kernel setting that specifies how likely it is for a page in memory to be […]
Clever Instant Login makes it easy for students to log in to their learning applications, saving valuable instructional time. By using the widely-deployed OAuth 2 protocol, our team tries to save valuable development time and make it easy for our app customers to create integrations. OAuth 2 has been a fairly smooth road, but we […]
The password is both a ubiquitous and brittle security mechanism. With the emergence of new security trends like post-quantum cryptography and IoT-botnet attacks, it’s easy to overlook attacks that exploit guessable, reused, or coerced passwords. But the wherewithal among users to use strong passwords and keep them safe is rare. Despite decades of practice, managing […]
Clever Badges makes it easy for K-2 students to log into applications. As with any new feature, we wanted to understand and address any potential security risks before we launched Clever Badges to our users. If we built Clever Badges without thinking deeply about security, it would have been easy to introduce a vulnerability and […]