Tag feed

#security-architecture

18 posts4 followers

Explore Hashnode

Alternatives

Trending tags this week

MNMilan Nikicsecuritydepth.hashnode.devMay 11 · 22 min read

OS Command Injection: Security Architect's Perspective (Part 2)

In Part 1 of this series, we cover OS command injection vulnerabilities from a developer's perspective. We looked at secure coding approaches with ProcessBuilder, whitelist-based validation strategies

0

MNMilan Nikicsecuritydepth.hashnode.devApr 28 · 16 min read

Directory Traversal: A Security Architect's Perspective (Part 3)

In Part 1 and Part 2 of this series, we examined directory traversal from a developer's perspective, covering attack vectors, secure coding patterns, Apache Commons IO usage, frontend security conside

0

TSThe Secure Stackthesecurestack.hashnode.devApr 18 · 3 min read

Qubes OS Security Best Practices: The Philosophy of Compartmentalization

"A chain is only as strong as its weakest link." This ancient adage holds profound truth in the realm of cyber security. No matter how robust your encryption, how sophisticated your firewall, or how

0

TSThe Secure Stackthesecurestack.hashnode.devApr 1 · 6 min read

1: Your Computer Was Built for a World That Doesn't Exist!

Introduction Your computer was designed for a different era. When Windows 95 launched, the internet was barely mainstream. When macOS became dominant in creative workflows, cloud computing didn’t exis

0

MNMilan Nikicsecuritydepth.hashnode.devMar 30 · 27 min read

Building an Application Security Metrics Program: Measuring What Actually Matters

Security architecture is not just about selecting the right controls or designing secure systems. It is about proving those controls work, tracking their effectiveness over time, and communicating res

0

MNMilan Nikicsecuritydepth.hashnode.devMar 16 · 18 min read

Authentication Vulnerabilities: Strategic Defense and Organizational Controls (Part 4)

In the previous parts of this series, we discussed the authentication vulnerability from the developer’s point of view. We discussed password requirements based on NIST guidelines, rate limiting using

0

LFLuca Ferdenzisecurityknowledgebank.hashnode.devMar 4 · 11 min read

How To Write a Security Requirement

You've just been handed a new payments API to secure. Stakeholders want "good security." Compliance wants "PCI-DSS alignment." Your CISO wants "zero trust." The dev team wants you to stop blocking the

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 19 · 6 min read

How Browser UX Shapes Security More Than Cryptography

Cryptography is precise. Browsers are not. If you’ve implemented WebAuthn in a real PWA, you already know this:The spec is clean. The user experience is not. The uncomfortable truth is this: Most authentication systems fail because of UX, not becaus...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 19 · 5 min read

Why Passwordless Alone Is Not an Identity Strategy

When teams adopt WebAuthn or FIDO2, the excitement is understandable: No passwords. No phishing. No credential stuffing. Biometric UX. Public-key cryptography. It feels like the final answer. But WebAuthn answers exactly one question: Can thi...

0

MNMilan Nikicsecuritydepth.hashnode.devFeb 18 · 13 min read

SQL Injection in Java: A Security Architect's Perspective (Part 3)

As discussed in Part 1 and Part 2 of this series, we had a look at SQL injection from a developer's perspective and discussed coding best practices related to SQL injection for JDBC, JPA, Spring Data, MyBatis, and stored procedures. This third part o...

0

#security-architecture

Search Hashnode

#security-architecture

Explore Hashnode

Trending tags this week

OS Command Injection: Security Architect's Perspective (Part 2)

Directory Traversal: A Security Architect's Perspective (Part 3)

Qubes OS Security Best Practices: The Philosophy of Compartmentalization

1: Your Computer Was Built for a World That Doesn't Exist!

Building an Application Security Metrics Program: Measuring What Actually Matters

Authentication Vulnerabilities: Strategic Defense and Organizational Controls (Part 4)

How To Write a Security Requirement

How Browser UX Shapes Security More Than Cryptography

Why Passwordless Alone Is Not an Identity Strategy

SQL Injection in Java: A Security Architect's Perspective (Part 3)