AI Wisdom
Learning Track

Security Engineering

Authn/Authz, secrets management, supply-chain hygiene, OWASP, prompt injection defense — security as a build-time concern.

8+
Topics
8
Published
100%
Free
Browse articles ↓

8 articlesin Security Engineering

Security Engineering
Threat Modeling for Developers: STRIDE, DREAD & Beyond

Threat Modeling for Developers: STRIDE, DREAD & Beyond

Intermediate

STRIDE threat categories, data flow diagrams, trust boundaries, attack trees, DREAD scoring, PASTA methodology, and integrating threat modeling into the SDLC.

14 min
Read →
Security Engineering
Secrets Management: Keeping Credentials Out of Code

Secrets Management: Keeping Credentials Out of Code

Intermediate

Vault patterns, dynamic secrets, automated rotation, git secret scanning, HashiCorp Vault, Azure Key Vault, envelope encryption, and incident response for leaked secrets.

13 min
Read →
Security Engineering
Dependency Scanning: Securing Your Software Supply Chain

Dependency Scanning: Securing Your Software Supply Chain

Intermediate

Supply chain attacks, CVE scoring, SBOMs, transitive vulnerabilities, lockfile integrity, dependency confusion, Sigstore, and tools like Snyk and Dependabot.

13 min
Read →
Security Engineering
SAST & DAST: Automated Security Testing in CI/CD

SAST & DAST: Automated Security Testing in CI/CD

Intermediate

Static vs dynamic security testing, taint analysis, OWASP ZAP, Semgrep, integrating security gates into pull requests, and measuring programme effectiveness.

12 min
Read →
Security Engineering
Zero Trust Architecture: Never Trust, Always Verify

Zero Trust Architecture: Never Trust, Always Verify

Intermediate

Core principles of Zero Trust, microsegmentation, identity-centric security, BeyondCorp, continuous verification, and implementing Zero Trust in cloud environments.

13 min
Read →
Security Engineering
OAuth 2.0 & OIDC: Authorization and Identity Explained

OAuth 2.0 & OIDC: Authorization and Identity Explained

Intermediate

OAuth 2.0 grant types, PKCE, OpenID Connect layers, access vs ID tokens, token introspection, and securing SPAs and APIs with modern auth flows.

15 min
Read →
Security Engineering
JWT Authentication: From Basics to Best Practices

JWT Authentication: From Basics to Best Practices

Intermediate

How JSON Web Tokens work, signing algorithms (HS256 vs RS256), common vulnerabilities (algorithm confusion, none attack), token storage, and refresh token patterns.

13 min
Read →
Security Engineering
OWASP Top 10: The Developer's Security Checklist

OWASP Top 10: The Developer's Security Checklist

Foundational

A practical guide to the OWASP Top 10 — injection, broken authentication, XSS, IDOR, security misconfigurations, and how to prevent each vulnerability class.

14 min
Read →