Notes on security, systems & shipping.
Back-end engineering essays — OWASP deep-dives, Node.js & Go patterns, and the kind of production-hardening you learn the hard way.
- 01
  Managing Configs and Environment Variables in Node.js Apps
  Learn best practices for managing environment variables and configuration in Node.js applications using NestJS and Fastify. Covers .env files, schema validation, secret managers, and production deployment strategies.
  4 min read · #nodejs #configuration

- 02
  Preventing Brute-Force Attacks in Node.js and Golang Applications
  Learn how to protect your Node.js and Golang applications from brute-force attacks with rate limiting, account lockouts, CAPTCHA, secure password hashing, and IP blocking strategies.
  6 min read · #security #auth #nodejs #golang

- 03
  Mastering Error Handling in Node.js. UnhandledRejection, uncaughtException, and Beyond
  Master Node.js error handling with unhandledRejection, uncaughtException, and uncaughtExceptionMonitor. Learn production-ready patterns for graceful shutdowns and reliable applications.
  3 min read · #nodejs #errors

- 04
  Mastering EventEmitter in Node.js. A Practical Guide
  Learn EventEmitter in Node.js with practical examples. Master event-driven architecture, pub/sub patterns, and best practices for building scalable Node.js applications.
  4 min read · #nodejs #patterns

- 05
  Best Practices for Application Activity Logging. A Practical Guide for Node.js and Go Developers
  Master application logging with practical examples for Node.js (Pino, Fastify, NestJS) and Go (slog). Learn what to log, security best practices, structured logging, and how to avoid common mistakes for better monitoring and debugging.
  5 min read · #nodejs #observability

- 06
  Input Validation: A Critical Pillar of Secure Application Development
  Master input validation techniques to prevent SQL injection, XSS attacks, and other vulnerabilities. Learn OWASP best practices and implementation examples in Fastify and NestJS.
  4 min read · #security #nodejs #validation

- 07
  Output Escaping in Node.js: Prevent XSS Attacks with Proper HTML Escaping
  Learn how to implement output escaping in Node.js, Fastify, and NestJS to prevent XSS attacks. Complete guide with code examples and OWASP best practices for secure web applications.
  3 min read · #security #xss #nodejs

- 08
  Protect Your Node.js App by Limiting Request Size
  Learn how to implement request size limits in Node.js applications to prevent DoS attacks and memory exhaustion, and to improve application security and stability.
  4 min read · #security #nodejs

- 09
  OWASP TOP 10: Server-Side Request Forgery (SSRF)
  Explore the risks of SSRF vulnerabilities and learn best practices to protect internal services from unauthorized access.
  2 min read · #security #owasp #ssrf

- 10
  OWASP TOP 9: Security Logging and Monitoring Failures
  Learn about the importance of security logging and monitoring, and discover best practices to improve visibility and response.
  2 min read · #security #owasp #observability

- 11
  OWASP TOP 8: Software and Data Integrity Failures
  Explore the importance of software and data integrity, and learn best practices to prevent integrity failures.
  2 min read · #security #owasp #integrity

- 12
  OWASP TOP 7: Identification & Authentication Failures
  Learn about common authentication failures and best practices to secure user identities and access.
  2 min read · #security #owasp #auth

- 13
  OWASP TOP 6: Vulnerable and Outdated Components
  Explore the risks of using outdated components and learn best practices for maintaining secure software dependencies.
  2 min read · #security #owasp #dependencies

- 14
  OWASP TOP 5: Security Misconfiguration
  Learn about security misconfigurations, their impact, and best practices to prevent them in your applications.
  2 min read · #security #owasp #configuration

- 15
  OWASP TOP 4 - Insecure Design
  Explore the concept of insecure design in application security, learn about real-world examples, and discover best practices for integrating security into the design process.
  2 min read · #security #owasp #architecture

- 16
  OWASP TOP 3 - Injection: A Persistent Threat to Web Applications
  Explore injection vulnerabilities in web applications, learn about common types, and discover best practices for mitigation.
  2 min read · #security #owasp #injection

- 17
  OWASP TOP 2 - Cryptographic Failures
  Explore cryptographic failures in application security, learn about real-world examples, and discover best practices for protecting sensitive data.
  2 min read · #security #owasp #cryptography

- 18
  OWASP TOP 1: Broken Access Control
  Dive into broken access control vulnerabilities with a comprehensive guide on OWASP's approach to secure access control. Learn effective prevention strategies and best practices for robust application security.
  2 min read · #security #owasp #auth

- 19
  Understanding OWASP: Essential Guide for Secure Application Development
  Explore OWASP's pivotal role in modern software engineering, providing guidelines on the OWASP Top 10, cheat sheets, and practical measures for secure app development.
  2 min read · #security #owasp