Abstractions & Encapsulation
Use stable façades and information hiding to manage complexity, evolve safely, and enforce boundaries
36 docs tagged with "security"
View all tagsAPI Security
Secure APIs with authentication, authorization, and scope management
Auditing & Tamper-Evident Logs
Maintain immutable audit trails of all data access and modifications
Checklists & Templates
Practical reference guides and checklists for software architecture reviews, decisions, and operational excellence. Templates for ADRs, threat modeling, API reviews, and production readiness.
Configuration vs. Code
Master the discipline of separating configuration from code for flexibility and safety.
Container and Kubernetes Security (Admission, PSP, PSA)
TL;DR
Data Lifecycle & Compliance
Manage data through its lifecycle: retention, privacy, erasure, and audit trails
Data Seeding and Masking
Populate test environments safely by masking sensitive data and using synthetic alternatives.
Dependency and Supply Chain Security (SBOM, Signing)
TL;DR
Endpoint Hardening and Security Baselines
TL;DR
Firewalls, WAF, and API Gateways
TL;DR
High-Compliance Systems: Audit and Segregation of Duties
TL;DR
Image & Artifact Management
Registry strategies, versioning, scanning, and garbage collection
Incident Response and Forensics
TL;DR
Injection, XSS, SSRF, and RCE: Core Vulnerability Classes
Understanding injection attacks, cross-site scripting, server-side request forgery, and remote code execution through real-world examples and mitigation strategies.
Input Validation and Defensive Programming
Protect systems through rigorous input validation and defensive programming practices.
Interfaces and Contracts
Define crisp boundaries and explicit, testable contracts to decouple teams and evolve systems safely.
Log Retention and Privacy
Manage log lifecycle responsibly: comply with regulations, protect sensitive data, and optimize retention periods.
Multi-Tenancy: Pooled vs Siloed
Design data isolation strategies for SaaS systems: shared vs dedicated resources
Network Policies & mTLS
Zero-trust networking, encryption in transit, and certificate management
Network Segmentation and Micro-Perimeters
TL;DR
Networking
Load balancing, network policies, mTLS, and CDN/edge patterns
PII Classification, Masking & Tokenization
Identify, classify, and protect personally identifiable information
Platform Concerns
Image and artifact management, supply-chain security, cost controls, and resource quotas
Policy as Code and Guardrails
Enforce infrastructure standards and security policies automatically; prevent non-compliant deployments.
Proxy Pattern
TL;DR
SBOM & Supply-Chain Signing
Software bill of materials, code attestation, and secure artifact provenance
Secrets and Configuration Management
Manage credentials, API keys, and configuration safely; never commit secrets to version control.
Security Logging, SIEM, and SOAR
TL;DR
Security Testing, Penetration Tests, Scans, and Fuzzing
Find and fix vulnerabilities before attackers do through automated scanning, manual testing, and fuzzing.
Stakeholders & Concerns
Identify stakeholders, elicit their concerns, and reconcile trade-offs into architecture decisions
Threat Model Template
STRIDE-based threat modeling framework for identifying security vulnerabilities. Includes asset identification, attack surface analysis, threat enumeration, risk scoring, and mitigation planning.
Threat Modeling Frameworks: STRIDE, LINDDUN, PASTA
Master systematic threat identification frameworks
Vulnerability Management and Patching
TL;DR
Webhooks
Push events to external systems reliably with webhooks
Webhooks and Callbacks
Master event-driven integrations: webhooks for server-initiated callbacks, signing for security, and handling idempotency and retries.