#OWASP
— 2 posts
Apr 15, 2026 · 22m
Security Attacks Every Engineer Should Know: A Field Guide to the Techniques Attackers Actually Use
A structural, named-technique-by-named-technique walkthrough of the attacks a modern web application has to defend against — injection, authentication flaws, XSS, CSRF, IDOR, SSRF, deserialization, race conditions, supply-chain attacks, and more — with how each works and what to do about it.
Security · Architecture · OWASP
Mar 11, 2026 · 15m
OWASP Top 10 in a Real Node.js & Next.js App — Before/After
The 2021 OWASP Top 10, but with actual vulnerable Node.js and Next.js snippets and the fixes I ship in production. Concrete examples beat awareness posters.
Security · Node.js · Next.js