Category · 7 articles
Security
Storing and Handling Sessions in Backend - Interview Question
HTTP is stateless. Every request is independent. The server has no memory of who you are between requests. Sessions solve this. They give the server a way...
16 Apr 2024
Describe the difference between symmetric and asymmetric encryption, and when each is appropriate.
Think of symmetric encryption like a shared house key. Everyone who needs access gets a copy of the same key. Fast, simple, but if one copy gets stolen, t...
15 Mar 2024
What is a Buffer Overflow vulnerability, and how can it be exploited?
Buffer overflow is one of the oldest bugs in computing. It was behind the Morris Worm in 1988. It is still behind CVEs today. The concept is simple: a pro...
14 Mar 2024
Explain SQL Injection and how to prevent it in software applications.
I reviewed a codebase once where every database query was built with template literals. No parameterization. No escaping. The login query looked like this:
14 Mar 2024
What is Cross-Site Scripting (XSS), and how can it be prevented?
I once inherited a codebase that rendered user comments with innerHTML. No sanitization. A user had already injected a script tag that redirected every vi...
14 Mar 2024
OWASP Top Ten for Software Developers
Early in my career, I thought security was someone else's job. The security team runs scans, finds issues, we fix them. Then I shipped a feature with a br...
13 Mar 2024
API Security Checklist
I keep this checklist bookmarked. Every time I build or review an API, I run through it. Most security incidents I have seen came from missing one of thes...
14 Oct 2023