Notes on security, systems & shipping.
Back-end engineering essays — OWASP deep-dives, Node.js & Go patterns, and the kind of production-hardening you learn the hard way.
OWASP Top 10
// 11 parts
A walkthrough of the 10 most critical web vulnerabilities
Intro + all ten categories with prevention strategies and code.
- 00 Essential Guide for Secure Application Development →
- 01 Broken Access Control →
- 02 OWASP TOP 2 - Cryptographic Failures →
- 03 OWASP TOP 3 - Injection: A Persistent Threat to Web Applications →
- 04 OWASP TOP 4 - Insecure Design →
- 05 Security Misconfiguration →
- 06 Vulnerable and Outdated Components →
- 07 Identification & Authentication Failures →
- 08 Software and Data Integrity Failures →
- 09 Security Logging and Monitoring Failures →
- 10 Server-Side Request Forgery (SSRF) →
Essays
// 8 posts
- 01
Managing Configs and Environment Variables in Node.js Apps
Learn best practices for managing environment variables and configuration in Node.js applications using NestJS and Fastify. Covers .env files, schema validation, secret managers, and production deployment strategies.
4 min read · #nodejs #configuration → read
- 02
Preventing Brute-Force Attacks in Node.js and Golang Applications
Learn how to protect your Node.js and Golang applications from brute-force attacks with rate limiting, account lockouts, CAPTCHA, secure password hashing, and IP blocking strategies.
6 min read · #security #auth #nodejs #golang → read
- 03
Mastering Error Handling in Node.js. UnhandledRejection, uncaughtException, and Beyond
Master Node.js error handling with unhandledRejection, uncaughtException, and uncaughtExceptionMonitor. Learn production-ready patterns for graceful shutdowns and reliable applications.
3 min read · #nodejs #errors → read
- 04
Mastering EventEmitter in Node.js. A Practical Guide
Learn EventEmitter in Node.js with practical examples. Master event-driven architecture, pub/sub patterns, and best practices for building scalable Node.js applications.
4 min read · #nodejs #patterns → read
- 05
Best Practices for Application Activity Logging. A Practical Guide for Node.js and Go Developers
Master application logging with practical examples for Node.js (Pino, Fastify, NestJS) and Go (slog). Learn what to log, security best practices, structured logging, and avoid common mistakes for better monitoring and debugging.
5 min read · #nodejs #observability → read
- 06
Input Validation: A Critical Pillar of Secure Application Development
Master input validation techniques to prevent SQL injection, XSS attacks, and other vulnerabilities. Learn OWASP best practices and implementation examples in Fastify and NestJS.
4 min read · #security #nodejs #validation → read
- 07
Output Escaping in Node.js: Prevent XSS Attacks with Proper HTML Escaping
Learn how to implement output escaping in Node.js, Fastify, and NestJS to prevent XSS attacks. Complete guide with code examples and OWASP best practices for secure web applications.
3 min read · #security #xss #nodejs → read
- 08
Protect Your Node.js App by Limiting Request Size
Learn how to implement request size limits in Node.js applications to prevent DoS attacks, memory exhaustion, and improve application security and stability.
4 min read · #security #nodejs → read