Container Security Fundamentals: Protecting Your Containerised Applications
Containers have fundamentally changed how we build and deploy applications, but they’ve also introduced new security considerations that many teams struggle ...
When building container-based applications on Azure, you’ll inevitably need to decide how to manage your container images. Azure Container Registry (ACR) is ...
Despite years of advancements in web security, many applications still lack one of the simplest, most effective defense mechanisms: HTTP Security Headers. Th...
How to build, ship, and run containers without opening the front door to attackers
Threat modeling has evolved from a niche security task into a core part of modern software development. It’s not just for security engineers — it’s a tool pr...
Incidents happen. Maybe it was a misconfigured S3 bucket, a leaked token, or a logic bug that let a user see someone else’s data. The temptation after contai...
If there’s one thing nearly every developer has built at some point, it’s a login system. And why not? There are plenty of libraries to help, standards like ...
We’ve reached the end of the OWASP Top 10 in this OWASP Top 10:2021 series — and we’re finishing with a bang. SSRF is one of the most dangerous vulnerabiliti...
You Can’t Respond to What You Don’t See
Welcome back to this OWASP Top 10:2021 security series. Today, we’re stepping away from code bugs and logic flaws to talk about something much sneakier: trus...
Welcome back to this deep dive into the OWASP Top 10. Today we’re looking at something fundamental: authentication.
Welcome back to this OWASP Top 10 deep dive. Today’s topic — Vulnerable and Outdated Components — might not sound exciting at first, but it’s a silent killer...
Welcome to Part 5 of this OWASP Top 10 series. So far, we’ve covered insecure code, weak design, and architectural flaws. Now it’s time to talk about somethi...
Welcome to Part 4 of our OWASP Top 10:2021 series. So far, we’ve looked at hands-on, tactical flaws like Injection and Cryptographic Failures. But now we’re ...
Welcome back to this OWASP Top 10 series. So far, we’ve looked at Broken Access Control and Cryptographic Failures — both dangerous, both preventable. Now we...
Welcome to part two of this OWASP Top 10:2021 series, where I break down each of the top security risks, in a way that makes sense to everyday engineers. In ...
Welcome to the first post in this OWASP Top 10:2021 series, where I break down each of the top security risks. This is for engineers who may not be security ...