Security

Secure your infrastructure and applications. TLS certificates, OAuth 2.0 flows, firewall rules, zero trust architecture, and vulnerability management for production systems.

30 articles

SQL Injection in 2026: Still a Problem, Here's How to Stop It

SQL injection remains a top vulnerability. Learn how SQLi works, why ORMs are not enough, and how to prevent it with parameterized queries and defense in depth.

9 min read

Secret Management: HashiCorp Vault vs AWS Secrets Manager vs Kubernetes Secrets

Compare Vault, AWS Secrets Manager, and Kubernetes Secrets. Learn about dynamic secrets, rotation, injection patterns, and when to use each tool.

9 min read

Software Supply Chain Security: SBOMs, Sigstore & Dependency Scanning

Anatomy of supply chain attacks (xz-utils, SolarWinds, event-stream), SBOM generation with Syft and Trivy, Sigstore keyless signing, dependency scanning tools compared, and the SLSA framework.

12 min read

Zero Trust Architecture: What It Means Beyond the Buzzword

Zero Trust eliminates implicit trust based on network location. Learn the five pillars, mTLS, SPIFFE/SPIRE, and a practical implementation roadmap.

8 min read

The Self-Propagating npm Worm (April 2026): How postinstall Hooks Got Weaponized

April 2026's self-propagating npm worm used postinstall hooks to scrape developer tokens (npm, GitHub, AWS), then auto-publish backdoored package versions. Detection steps, rotation playbook, and the structural defenses (ignore-scripts, pnpm, sandboxed CI, signed publishes).

12 min read

OAuth 2.0 and OIDC: The Difference and When to Use Each

OAuth 2.0 handles authorization while OIDC handles authentication. Learn the grant types, token differences, PKCE, and when to use each protocol.

9 min read

The Vercel April 2026 Edge Function Incident: What Leaked, What to Do

Vercel's April 6-9 edge function incident exposed env-vars and secrets in a subset of deployments. Timeline, scope, what was actually exposed, the rotation playbook for affected teams, and the structural defenses that prevent this next time.

11 min read

Passkeys Explained: How WebAuthn Is Replacing Passwords

Passkeys use FIDO2/WebAuthn public-key cryptography to eliminate passwords entirely. Learn how they work, how to implement them, and how to handle device loss with synced passkeys.

12 min read

AWS Parameter Store vs Secrets Manager: When the Free Tier Wins

Parameter Store is free for up to 10K parameters; Secrets Manager costs $0.40/secret/month. Pay for rotation where you need it; use the free tier for plain config. Cost math at 10/100/500-secret scale.

9 min read
