5 topics

Security

OWASP, OAuth2, RBAC, secrets, GDPR

OAuth2 & OIDC for Engineers

OAuth2 is authorization (access tokens); OIDC is authentication (ID tokens) layered on top. Use Authorization Code + PKCE for everything user-facing; client credentials for service-to-service.

oauth2oidcauth

Security/senior

JWT — Beyond the Hello World

JWTs are great for stateless authz but terrible for session management. Keep them short-lived, validate everything, and never roll your own.

jwtauthsecurity

Security/senior

Secrets Management

Secrets in code → secrets in vault → no secrets (workload identity). Rotation is a process, not a feature — automate it or it won't happen.

secretsvaultrotation

Security/senior

OWASP Top 10 — What Actually Trips Senior Teams

Injection and broken auth are well-handled today. The categories that trip senior teams in 2025: broken access control, SSRF, software supply chain, and insecure deserialization.

owaspsecurityappsec

Security/staff

mTLS for Service-to-Service

mTLS gives strong service identity, encrypts in transit, and removes whole classes of internal-network attacks. Make it boring with a service mesh or SPIFFE.

mtlstlszero-trust