Security Engineering
Authn/Authz, secrets management, supply-chain hygiene, OWASP, prompt injection defense — security as a build-time concern.
8 articlesin Security Engineering
Threat Modeling for Developers: STRIDE, DREAD & Beyond
STRIDE threat categories, data flow diagrams, trust boundaries, attack trees, DREAD scoring, PASTA methodology, and integrating threat modeling into the SDLC.
Secrets Management: Keeping Credentials Out of Code
Vault patterns, dynamic secrets, automated rotation, git secret scanning, HashiCorp Vault, Azure Key Vault, envelope encryption, and incident response for leaked secrets.
Dependency Scanning: Securing Your Software Supply Chain
Supply chain attacks, CVE scoring, SBOMs, transitive vulnerabilities, lockfile integrity, dependency confusion, Sigstore, and tools like Snyk and Dependabot.
SAST & DAST: Automated Security Testing in CI/CD
Static vs dynamic security testing, taint analysis, OWASP ZAP, Semgrep, integrating security gates into pull requests, and measuring programme effectiveness.
Zero Trust Architecture: Never Trust, Always Verify
Core principles of Zero Trust, microsegmentation, identity-centric security, BeyondCorp, continuous verification, and implementing Zero Trust in cloud environments.
OAuth 2.0 & OIDC: Authorization and Identity Explained
OAuth 2.0 grant types, PKCE, OpenID Connect layers, access vs ID tokens, token introspection, and securing SPAs and APIs with modern auth flows.
JWT Authentication: From Basics to Best Practices
How JSON Web Tokens work, signing algorithms (HS256 vs RS256), common vulnerabilities (algorithm confusion, none attack), token storage, and refresh token patterns.
OWASP Top 10: The Developer's Security Checklist
A practical guide to the OWASP Top 10 — injection, broken authentication, XSS, IDOR, security misconfigurations, and how to prevent each vulnerability class.

