Secure Development (AppSec) for Backend Engineers
Write secure backend code by default. OWASP Top 10, authentication, cryptography, and API security for working developers.
The OWASP Top 10 for Developers Who Actually Write Code
Cut through the compliance language. Each OWASP Top 10 category explained with real code examples, vulnerable patterns, and the fix โ in Python, Go, and Node.js.
Authentication and Session Management: JWT, OAuth, and the Mistakes Everyone Makes
JWT vs session cookies, OAuth 2.0 flows, PKCE, token storage, and the security mistakes in every "JWT tutorial" on the internet.
Cryptography for Developers: What to Use and What to Never Touch
Practical cryptography decisions for backend developers. Which algorithms to use, which to avoid, and why you should never implement your own.
API Security: Rate Limiting, Input Validation, and Authorization
Secure your APIs beyond authentication. Rate limiting strategies, input validation patterns, broken object-level authorization, and mass assignment prevention.
Dependency Security and Supply Chain: Your Code Is Only as Safe as Your Libraries
SCA tools, lockfile integrity, typosquatting, and the reality of supply chain attacks. Build a dependency security workflow that actually works.
Stay ahead of the threat landscape
Get new articles, learning path updates, and security research delivered to your inbox. No spam, unsubscribe anytime.