Tag
appsec
3 articles tagged with “appsec”
AIAI-SearchAPI-gatewayASP.NET-CoreAzure-APIMAzure-OpenAICIClaudeCoTCopilotCosmos-DBCursorDORAEvent-GridGPTGemmaGitFlowGitHubHPAICLJSONJSON-modeLLMLLM-securityMCPMistralModel-Context-ProtocolOIDCOmitPartialPhiPickPineconeQdrantRAGReActRecordSDKSLISLMSLOSemantic-KernelService-BusWindsurfa-staragentsaggregationaiai-gatewayaksalertingalgorithmsapi-designapi-gatewayapi-versioningapimapp-routerapp-serviceappsecarchitecturearm-templatesaspnet-coreaspnetcoreasyncauditauthenticationauthorizationautomationazureazure-front-doorazure-functionsazure-openaiazure-policyazure-storagebddbenchmarksbest-practicesbfsbicepbinary-searchbranchingbstcache-componentscachingcap-theoremchain-of-thoughtchatbotci-cdci-optimizationcicdclean-architecturecloudcloud-securitycloudeventscode-reviewcoding-agentscomparisoncompliancecomposeconcurrencyconcurrent-renderingconditional-typesconsistencyconsistent-hashingconstraintsconsumer-drivencontainerscontextcontract-testingcosmos-dbcost-controlcost-optimizationcoveragecqrscsharpcvecypressdapperdastdata-fetchingdatabasesdataloaderddddecision-frameworkdependency-injectiondependency-scanningdeployment-slotsdeploymentsdeprecationdesign-patternsdevopsdfsdijkstradiscriminated-unionsdistributivedockerdocumentationdotnetdotnet-9drift-detectiondynamic-programminge2e-testingef-coreef-core-9embeddingsengineeringenvironmentserror-budgetevaluationevent-drivenevent-gridevent-hubseventingexamplesfeature-flagsfederationfew-shotfiberfine-tuningflaky-testsflex-consumptionfrontendfunction-callinggenericsgitgithub-actionsgolden-signalsgpt-4ographgraphqlgrpchclhealth-checksheaphookshotchocolatehttphttp2http3hybridcacheiacidempotencyidentityin-context-learningindexesinferinferenceinfrastructureintegrationintegration-testingintrosortisolationjailbreakjestjoinsjotaijsonbjwtk8skey-remappingkey-vaultkiotaknapsackknowledge-basekuberneteslanguagelegacy-codelinqload-balancinglower-boundmanaged-identitymapped-typesmaterialized-viewsmemoizationmemorymergemessage-queuemessagingmetricsmicroservicesminimal-apismockingmocksmodel-routingmodulesmongodbmonitoringmswmulti-agentmulti-stage-buildsmulti-tenantmvccnarrowingnetwork-securitynextjs-16normalizationnosqloauthoauth2observabilityoidcopaopenapiorchestrationoutput-formatowasppaaspactpactflowpage-objectsparsingpartitioningperformancepersonal-AIpgvectorpineconepipelineplanningplaywrightpluginspolicy-as-codepollypostgresqlproductionprompt-designprompt-engineeringprompt-injectionprotobufpulumipythonqualityquality-gatesquantizationqueuesragrate-limitingreactreact-19react-compilerreact-internalsreact-queryreact-server-componentsrealtimereasoningrecursionrecursive-typesred-blackred-green-refactorred-teamingredisregression-testingrelease-managementresource-limitsrestreusable-workflowsrlsrolling-updatesruntime-safetysaga-patternsastsbomscaleschemaschema-designsdlcsecrets-managementsecuritysecurity-testingself-consistencyserializableserver-actionsserverlessservice-busshardingshortest-pathsignalrsnapshot-testingsoftware-designsortingspiessqlstabilitystate-managementstreamsstridestructured-outputstubssupertestsupply-chainsystem-designtail-calltanstack-querytask-framingtddtemplate-literalsterraformtest-architecturetest-doublestest-pyramidtestcontainerstestingtesting-patternstesting-strategythreat-modelingtoken-buckettoken-economicstokenstool-callingtool-usetopological-sorttransactionstreestrietrunk-basedtype-guardstype-predicatestype-systemtype-transformstypescriptunit-testingutility-typesvalidationvalkeyvaultvector-dbvector-searchversion-controlvisual-regressionvitestvulnerabilitiesweaviateweb-apiweb-securitywebsocketswindow-functionswiremockworkload-identityworkspacesxunityarpzero-shotzero-trustzodzustand
Security Engineering
OWASP Top 10: The Developer's Security Checklist
Foundational
A practical guide to the OWASP Top 10 — injection, broken authentication, XSS, IDOR, security misconfigurations, and how to prevent each vulnerability class.
14 min
Read →Security Engineering
SAST & DAST: Automated Security Testing in CI/CD
Intermediate
Static vs dynamic security testing, taint analysis, OWASP ZAP, Semgrep, integrating security gates into pull requests, and measuring programme effectiveness.
12 min
Read →Security Engineering
Threat Modeling for Developers: STRIDE, DREAD & Beyond
Intermediate
STRIDE threat categories, data flow diagrams, trust boundaries, attack trees, DREAD scoring, PASTA methodology, and integrating threat modeling into the SDLC.
14 min
Read →
