Posts in

All tags

Injection defenses

Injection defenses rely on making your code aware of the data structure it manipulates. If it is done well, your data structure internals are exposed just enough, so it is possible to hide them completely. Taking this approach will lead you to think of interfaces as security contracts.

Injections, where code meets data

Injections are still one, if not the most serious, flaws a developer can make. This post deconstructs the vulnerability and puts it back together to offer you a solid understanding to build on. After reading it, you will never think of injections the same way.

Use this mental model to learn security

Mental models help us learn faster and more efficiently. The security field can be viewed from two different viewpoints. One is very high-level, dealing with abstract ideas. Let’s call it macro. The other deals with the details, of how the smaller parts interact. That’s the micro.

The ends of encryption

End-to-end encryption means data is encrypted at the sender and only the final recipient can decrypt it. True end-to-end encryption has excellent privacy and security benefits. However, it also has a cost. As a developer, it is a great pattern to utilize to shield data from 3rd parties.

The Web API Authentication guide

As a web developer, you have various choices regarding API authentication. This guide aims to provide you with a high-level overview of the six most used schemes. Inside, you will find a cheatsheet to help you choose.