Security

Security

mTLS, OAuth+PKCE, passkeys, SBOM, zero trust, K8s pod security.

52Articles
52Topics covered
Articles in this category

All 52 articles, sorted alphabetically

Advertisement
ARTICLE · 01

JWT vs Session Tokens

Stateless tokens vs stateful sessions and when to prefer each.

Read article
ARTICLE · 02

Kubernetes Pod Security Standards

Restricted, baseline, privileged — what each one blocks.

Read article
ARTICLE · 03

mTLS for Internal Services

Service-to-service auth without bearer tokens.

Read article
ARTICLE · 04

mTLS for Service-to-Service

Mesh-level mutual TLS with SPIFFE/SPIRE.

Read article
ARTICLE · 05

OAuth2 Authorization Code with PKCE

The right flow for public clients in 2026.

Read article
ARTICLE · 06

OAuth2 PKCE Flow Explained

Public client authorization without a client secret.

Read article
ARTICLE · 07

OWASP API Security Top 10

Common API vulnerabilities and how to prevent them.

Read article
ARTICLE · 08

SBOMs and Supply Chain Security

SPDX, CycloneDX, and what to actually do with them.

Read article
ARTICLE · 09

Authentication

How authentication verifies user identity: passwords, MFA, WebAuthn, and modern patterns.

Read article
ARTICLE · 10

Authorization

How authorization decides what users can access after authentication. RBAC, ABAC, and policy engines.

Read article
ARTICLE · 11

CSRF

How CSRF tricks browsers into making authenticated requests, and modern defenses (SameSite cookies).

Read article
ARTICLE · 12

JWT

How JWT provides stateless auth via signed claims, and the common pitfalls.

Read article
ARTICLE · 13

OAuth 2.0

How OAuth 2.0 lets apps access user data on another service without seeing user's password.

Read article
ARTICLE · 14

OWASP Top 10

The OWASP Top 10 list of common web vulnerabilities and why every developer should know them.

Read article
ARTICLE · 15

Secret Management

How to manage secrets (never in code, rotate regularly, use secret stores like Vault or Secrets Manager).

Read article
ARTICLE · 16

SQL Injection

How SQL injection lets attackers modify database queries, and defenses (parameterized queries, ORM).

Read article
ARTICLE · 17

Threat Modeling

How to threat model: identify assets, threats, vulnerabilities, and mitigations before building.

Read article
ARTICLE · 18

Cross-Site Scripting (XSS)

How XSS lets attackers inject JavaScript into pages, and defenses (output encoding, CSP).

Read article
ARTICLE · 19

Secret Rotation in Kubernetes

External Secrets Operator and CSI driver patterns.

Read article
ARTICLE · 20

Secrets Management for Developers

Vault, AWS Secrets Manager, SOPS, and the env-var trap.

Read article
ARTICLE · 21

TLS certificate pinning architecture

Deep-dive on TLS certificate and public-key pinning: the client rejects any certificate whose key is not on a pre-shipped pinset, even one a trusted C…

Read article
ARTICLE · 22

Container security architecture

Deep-dive on container security: image scanner, registry policy, seccomp, gVisor/Kata, rootless, PodSecurity Admission, IDS, audit.

Read article
ARTICLE · 23

Content Security Policy architecture

Deep-dive on CSP: directive model and browser enforcement, why nonce/hash-based script-src with strict-dynamic beats host allowlists, frame-ancestors …

Read article
ARTICLE · 24

CSRF defense architecture

Deep-dive on Cross-Site Request Forgery defense: ambient authority and the identity-vs-intent gap, SameSite cookies, synchronizer and signed double-su…

Read article
ARTICLE · 25

Data loss prevention architecture

Deep-dive on DLP architecture: inspecting content with regex/validators, ML classifiers, and exact-data fingerprinting; classifying by data type, sens…

Read article
ARTICLE · 26

IAM Architecture in Depth

A 2500-word walkthrough of IAM architecture: user + IdP + token, policy engine, RBAC/ABAC, enforcement, audit, break-glass, access reviews, JIT.

Read article
ARTICLE · 27

IAM review architecture

Deep-dive on IAM review: role catalog, usage analytics, drift detection, certification workflow, break-glass audit, auto revoke.

Read article
ARTICLE · 28

JWT validation

Deep-dive on validating JSON Web Tokens correctly, built on the crucial distinction that decoding a JWT is not validating it: the header and payload a…

Read article
ARTICLE · 29

KMS envelope encryption architecture

Deep-dive on envelope encryption: a KMS/HSM-held customer master key that wraps per-object data keys, GenerateDataKey and the wrap/unwrap flow, local …

Read article
ARTICLE · 30

mTLS -- both sides prove who they are

Deep-dive on mutual TLS (mTLS): the service-to-service authentication problem, mutual authentication (both sides present and validate certs) vs regula…

Read article
ARTICLE · 31

OAuth 2.0 authorization code + PKCE architecture

Deep-dive on the OAuth 2.0 authorization code flow with PKCE: code_verifier/code_challenge generation and the S256 method, the front-channel authoriza…

Read article
ARTICLE · 32

Pentest architecture

Deep-dive on pentest lifecycle: scope, reconnaissance, exploitation, reporting, prioritization, remediation, retest, purple team.

Read article
ARTICLE · 33

Privileged access management architecture

Deep-dive on privileged access management (PAM): eliminating standing admin access with just-in-time, time-boxed grants; the request and approval work…

Read article
ARTICLE · 34

Ransomware defense architecture

Deep-dive on ransomware defense: EDR/MDR, segmentation, immutable backups, IR playbook, tabletop exercises, legal, insurance.

Read article
ARTICLE · 35

RBAC vs ABAC architecture

Deep-dive on authorization architecture: RBAC roles and hierarchies versus ABAC attribute policies, subject/resource/action/environment context, the P…

Read article
ARTICLE · 36

SAML federation architecture

Deep-dive on SAML SSO: the browser as transport, assertion structure and conditions, metadata-driven certificate trust, XML signature wrapping, audien…

Read article
ARTICLE · 37

SAST and DAST

Deep-dive on SAST and DAST: static code analysis vs dynamic runtime testing, IAST and SCA, CI/CD shift-left integration, complementary coverage, the f…

Read article
ARTICLE · 38

Secrets Management Architecture in Depth

A 2500-word walkthrough of secrets management: workload identity, secrets manager, dynamic short-lived, rotation, audit, envelope encryption, CI/CD.

Read article
ARTICLE · 39

Secrets scanning architecture

Deep-dive on secrets scanning: repo scanners, pre-commit hooks, CI gates, rotation, false-positive triage, response runbook.

Read article
ARTICLE · 40

Session management architecture

Deep-dive on web session management: server-side sessions vs stateless tokens, cookie hardening (HttpOnly/Secure/SameSite/__Host-), per-request valida…

Read article
ARTICLE · 41

SIEM detection pipeline architecture

Deep-dive on SIEM architecture: delivery-guaranteed collection tiers, ECS/OCSF normalization, ingest-time enrichment, streaming rules vs windowed corr…

Read article
ARTICLE · 42

Software Supply Chain Security Architecture in Depth

A 2500-word walkthrough of supply chain security: signed source, pinned deps, hermetic build, SLSA attestation, SBOM, signing, registry, admission, sc…

Read article
ARTICLE · 43

Supply chain security architecture

Deep-dive on supply chain security: signed source, isolated builds, SBOM, SLSA provenance, signing, verify at deploy, runtime attestation.

Read article
ARTICLE · 44

Threat modeling architecture

Deep-dive on threat modeling as a practice: data-flow diagrams and trust boundaries, STRIDE elicitation and attack trees, likelihood-impact ranking, m…

Read article
ARTICLE · 45

Web Application Firewall -- filtering malicious HTTP traffic

Deep-dive on Web Application Firewalls: the inspect-and-filter role, rule types (signature/anomaly/custom), OWASP coverage, positive vs negative secur…

Read article
ARTICLE · 46

WebAuthn and passkeys architecture

Deep-dive on WebAuthn/passkeys: authenticators and CTAP2, origin-bound challenge-response, registration and authentication ceremonies, attestation, sy…

Read article
ARTICLE · 47

Zero Trust Architecture in Depth

A 2500-word walkthrough of zero trust security: identity, device trust, trust broker, access proxy, microsegmentation, data classification, continuous…

Read article
ARTICLE · 48

Zero trust architecture

Deep-dive on zero trust: identity + device posture + policy engine + enforcement + micro-segmentation + continuous verification + JIT access.

Read article
ARTICLE · 49

SQL Injection in 2026

Why it still happens and how modern stacks prevent it.

Read article
ARTICLE · 50

WebAuthn Passkeys Explained

Phishing-resistant auth that users actually adopt.

Read article
ARTICLE · 51

Zero Trust Architecture Basics

Never trust always verify in practice.

Read article
ARTICLE · 52

Zero Trust in Practice

Beyond the marketing: what changes in code and ops.

Read article