Security

Secure your infrastructure and applications. TLS certificates, OAuth 2.0 flows, firewall rules, zero trust architecture, and vulnerability management for production systems.

8 articles

Network Firewalls vs WAFs: Understanding Your Defense Layers

Network firewalls filter by IP and port at Layer 3/4. WAFs inspect HTTP content at Layer 7. Learn when you need each and how to configure them together.

10 min read

Certificate Management at Scale: Let's Encrypt, ACME, and cert-manager

Automate TLS certificates with Let's Encrypt, ACME protocol, and cert-manager in Kubernetes. Covers HTTP-01, DNS-01, wildcards, private CAs, and expiry monitoring.

9 min read

SSRF Attacks: What They Are and Why Cloud Environments Make Them Dangerous

SSRF lets attackers reach internal services through your server. Learn how cloud metadata endpoints amplify the risk and how to defend against SSRF.

9 min read

SQL Injection in 2026: Still a Problem, Here's How to Stop It

SQL injection remains a top vulnerability. Learn how SQLi works, why ORMs are not enough, and how to prevent it with parameterized queries and defense in depth.

9 min read

Secret Management: HashiCorp Vault vs AWS Secrets Manager vs Kubernetes Secrets

Compare Vault, AWS Secrets Manager, and Kubernetes Secrets. Learn about dynamic secrets, rotation, injection patterns, and when to use each tool.

9 min read

Zero Trust Architecture: What It Means Beyond the Buzzword

Zero Trust eliminates implicit trust based on network location. Learn the five pillars, mTLS, SPIFFE/SPIRE, and a practical implementation roadmap.

8 min read

OAuth 2.0 and OIDC: The Difference and When to Use Each

OAuth 2.0 handles authorization while OIDC handles authentication. Learn the grant types, token differences, PKCE, and when to use each protocol.

9 min read

JWT vs Session Tokens: Authentication Trade-offs Explained

An honest comparison of JWT and session token authentication. Covers JWT structure, signing algorithms (RS256 vs HS256), common vulnerabilities, the revocation problem, and when each approach is the right choice for your architecture.

13 min read