Secure DevOps environments for Zero Trust
Explains best practices for securing developer and DevOps platform environments to implement Zero Trust principles (verify explicitly, use least privilege access, assume breach).
Shift Left Security
Explains the "Shift Left" philosophy of implementing security measures early in the development cycle, along with practical implementation methods in .NET, Azure, Terraform, GitHub, and Angular.
TLS/SSL Basics
Comprehensive guide to TLS/SSL mechanisms, digital certificates, encryption technologies, and the handshake process.
Zscaler
Overview and key features of the cloud-based security platform Zscaler.
Microsoft Intune
Overview and key features of Microsoft Intune, a cloud-based endpoint management platform.
Ivanti
Overview and key features of Ivanti, which provides endpoint management and security solutions.
DevSecOps and Static Security Scanning
Best practices for Static Code Analysis (SAST/IaC Scanning) using modern tools like Checkov and integrating them into CI/CD pipelines.
SBOM and Vulnerability Scanning
Understanding SBOM (Software Bill of Materials) and its relationship with security, and practical approaches to SCA, container scanning, and vulnerability assessment using .NET, Docker, Node.js, and Python examples.
PKI and Root Certificate Rotation
Impacts of PKI (Public Key Infrastructure) mechanisms and root certificate rotation on systems.
Email Authentication (SPF/DKIM/DMARC)
A comprehensive guide to SPF, DKIM, and DMARC mechanisms and configuration to prevent email spoofing, with practical SendGrid domain authentication setup.
BFF Pattern and the Token-Protection Security Model
The security motivation, structure, and threat model (token theft vs. session riding) of the Backend for Frontend (BFF) pattern, which eliminates token exposure in SPAs.
CSRF / SameSite / CSP and XSS Defense
CSRF defenses (SameSite, antiforgery tokens) for cookie-based authentication, and Content Security Policy (CSP) as defense-in-depth against XSS.
Server-side Token Store and Distributed Sessions (Redis, Refresh Lock)
Designing the server-side token store for a BFF: in-memory vs. Redis, TTL design, distributed refresh lock, and fail-closed key resolution.
Sender-Constrained Tokens (DPoP / mTLS) and Refresh Token Rotation
Sender-constrained tokens (DPoP, mTLS) that mitigate Bearer-token replay, and refresh-token rotation. Protection for public clients such as mobile apps.
OWASP ASVS
Overview of the OWASP Application Security Verification Standard (ASVS), its verification levels, requirements, and practical usage.
OWASP Top 10
Top 10 most critical security risks in web applications.