Security Best Practices
Practical guidance for securing applications and APIs across authentication, authorization, data protection, and threat mitigation.
An Introduction to Cloud Security Posture Management (CSPM)
An introduction to Cloud Security Posture Management (CSPM), explaining how these automated tools detect and remediate misconfigurations in your cloud environments.
A Guide to API Authentication with OAuth 2.0 and JWTs
A guide to modern API security, explaining how the OAuth 2.0 framework and JSON Web Tokens (JWTs) are used for secure authentication and authorization.
Best Practices for Securely Storing Passwords
A critical guide to securely storing user passwords, covering the importance of hashing and salting, and recommending modern algorithms like Argon2 and bcrypt.
Building secure APIs from scratch
Comprehensive guide to designing and implementing secure APIs with authentication, authorization, input validation, and protection against common vulnerabilities.
Building secure applications from scratch
Learn how to build secure applications from the ground up with comprehensive security practices, including authentication, authorization, data protection, secure coding practices, and vulnerability prevention.
Content Security Policy (CSP): A Defense Against XSS and Injection Attacks
A guide to implementing a Content Security Policy (CSP) as a powerful, in-depth defense to prevent Cross-Site Scripting (XSS) and other injection attacks.
Preventing Cross-Site Request Forgery (CSRF) Attacks
A guide to understanding and preventing Cross-Site Request Forgery (CSRF) attacks using techniques like anti-CSRF tokens and SameSite cookies.
Securing Your Supply Chain: A Guide to Managing Open-Source Dependencies
A guide to software supply chain security, explaining how to find and mitigate vulnerabilities in your open-source dependencies using Software Composition Analysis (SCA).
Security Headers for Web Applications: A Practical Guide
A practical guide to implementing essential HTTP security headers like HSTS, X-Content-Type-Options, and X-Frame-Options to harden your web application.
The Principle of Least Privilege: A Guide to Minimizing Attack Surfaces
A guide to the Principle of Least Privilege (PoLP), a foundational security concept for minimizing attack surfaces by ensuring entities only have the permissions they need.
Understanding Cross-Site Scripting (XSS): A Guide to Prevention
A guide to understanding and preventing Cross-Site Scripting (XSS) attacks, covering stored, reflected, and DOM-based XSS with modern mitigation techniques.