Security References

Structured documentation for application security, authentication, cryptography, and the attack patterns every engineer should recognize.

12 references OWASP-aligned Vendor-neutral

Application Security

T10

OWASP Top 10

The most critical web application security risks. What they are, why they matter, how to mitigate.

 SQLi

SQL Injection

How injection happens, classic and second-order variants, and the only real defense.

 XSS

Cross-Site Scripting (XSS)

Reflected, stored, and DOM-based XSS — encoding, sanitization, CSP.

 CSRF

Cross-Site Request Forgery

How CSRF works, SameSite cookies, double-submit tokens, and the modern defaults.

 CSP

Content Security Policy

Writing a useful CSP — sources, nonces, hashes, and report-only mode.

Authentication & Authorization

Aut

Authentication Methods

Basic, Bearer, API keys, sessions, OAuth 2.0, OIDC, mTLS — comparison and use cases.

 OAu

OAuth 2.0 Flows

Authorization Code, PKCE, Client Credentials, Device Code — when each one is correct.

 JWT

JWT Structure

Anatomy of a JSON Web Token — header, payload, signature, and common claims.

 SSH

SSH Key Authentication

How public key auth replaces passwords. Key types, agents, and best practice.

Cryptography

#

Hash Functions

Properties, families, and when MD5, SHA-1, SHA-2, SHA-3, and BLAKE are appropriate.

 Sym

Symmetric vs Asymmetric

One key versus key-pair cryptography. Where each fits in a real system.

 PKI

Public Key Infrastructure

Certificates, CAs, chains of trust, revocation, and the X.509 model.

Related tools and references

Password Generator // tools JWT Decoder // tools SHA Hash Generator // tools HMAC Generator // tools TLS Handshake // networking HTTP Headers Reference // web-development

External authority sources