Defence in depth. Understanding the attack surface of modern web applications and the principles that keep systems and data safe.
Explore Topics
The most critical web application security risks — injection, broken auth, XSS, and the rest of the usual suspects.
OAuth 2.0, OIDC, JWTs, session management — the layers between a user and your protected resources.
How HTTPS actually works, certificate chains, pinning, and what can go wrong at the transport layer.
Auditing your node_modules, lock file integrity, SBOMs, and the reality of trusting strangers' code.
Content-Security-Policy, CORS, HSTS, X-Frame-Options — the HTTP headers that form your first line of defence.
STRIDE, attack trees, and thinking like an adversary before writing a single line of code.