Backend / Jun 30, 2026 / 5 min read
Learn password hashing basics for backend systems, including salts, slow hashes, peppers, verification, resets, storage risks, and common mistakes.
Backend / Jun 30, 2026 / 5 min read
Learn how multi-factor authentication works in web apps, including TOTP, WebAuthn, backup codes, recovery flows, step-up checks, and backend tradeoffs.
Backend / Jun 30, 2026 / 4 min read
Learn what session fixation is, how it affects web authentication, why session rotation matters, and how backend teams can prevent it.
Backend / Jun 29, 2026 / 4 min read
Compare authentication and authorization in backend systems, including identity checks, permissions, roles, scopes, sessions, tokens, and API enforcement.
Backend / Jun 30, 2026 / 4 min read
Compare RBAC and ABAC for backend authorization, including roles, attributes, policies, ownership checks, tenant context, and practical tradeoffs.
Backend / Jul 1, 2026 / 6 min read
Learn the principle of least privilege for backend systems, including users, services, API keys, database roles, cloud permissions, and operational tradeoffs.
Backend / Jul 2, 2026 / 5 min read
Learn service accounts for backend systems, including machine identity, API access, least privilege, secrets, rotation, audit logs, and risks.
Backend / Jan 28, 2026 / 5 min read
Understand JWT and server-side session authentication, including storage, revocation, scaling, security risks, and common backend use cases.
Backend / Jul 2, 2026 / 6 min read
Compare cookie and token authentication for backend apps, including sessions, JWTs, CSRF, XSS, storage, CORS, mobile clients, and API tradeoffs.
Backend / Apr 12, 2026 / 6 min read
Compare access tokens and refresh tokens in backend authentication, including lifetime, storage, rotation, revocation, and security tradeoffs.
Backend / Jun 30, 2026 / 5 min read
Learn how refresh token rotation works, why reuse detection matters, and how backend teams can design safer token refresh, logout, and revocation flows.
Backend / Jun 30, 2026 / 5 min read
Compare API keys and OAuth tokens for backend APIs, including identity, scopes, rotation, expiration, user context, service access, and security tradeoffs.
Backend / Jun 30, 2026 / 5 min read
Learn practical API key design best practices, including key format, prefixes, hashing, scopes, rotation, rate limits, audit logs, and safe storage.
Backend / Jul 2, 2026 / 6 min read
Learn API authentication best practices, including tokens, API keys, OAuth, mTLS, sessions, gateways, rotation, scopes, errors, and logging.
Backend / Jul 2, 2026 / 4 min read
Learn OAuth scopes for backend APIs, including permissions, consent, least privilege, access tokens, naming, validation, and common mistakes.
Backend / Jul 2, 2026 / 5 min read
Learn the OAuth client credentials flow for service-to-service APIs, including clients, secrets, scopes, tokens, rotation, and security risks.
Backend / Apr 19, 2026 / 6 min read
A backend-focused OAuth 2.0 guide covering roles, authorization code flow, PKCE, scopes, tokens, client credentials, and common mistakes.
Backend / Jun 29, 2026 / 5 min read
Compare OAuth 2.0 and OpenID Connect for backend developers, including authorization, login, ID tokens, access tokens, scopes, and common mistakes.
Backend / Jun 29, 2026 / 4 min read
Learn common JWT claims for backend authentication, including sub, iss, aud, exp, nbf, iat, jti, scopes, roles, tenant context, and validation mistakes.
Backend / May 3, 2026 / 7 min read
Compare CSRF and XSS attacks for backend developers, including how they work, why cookies and tokens matter, and practical defenses.
Backend / Jun 29, 2026 / 4 min read
Learn how CORS works for backend APIs, including origins, preflight requests, credentials, allowed headers, cookies, security limits, and common mistakes.
Backend / Jul 2, 2026 / 5 min read
Learn how CORS preflight requests work, including OPTIONS handling, allowed methods, headers, credentials, caching, errors, and backend mistakes.
Backend / Jun 30, 2026 / 4 min read
Learn practical secure HTTP headers for backend apps, including HSTS, CSP, X-Content-Type-Options, frame protection, referrer policy, and cookie-related limits.
Backend / Jun 30, 2026 / 5 min read
Learn how SameSite cookies affect browser authentication, CSRF risk, cross-site requests, OAuth redirects, iframes, and backend cookie design.
Backend / Jul 2, 2026 / 5 min read
Use this backend cookie security checklist for HttpOnly, Secure, SameSite, CSRF, session rotation, prefixes, expiration, domains, and testing.