# security
10 posts
## CSRF, XSS & SQL Injection — Practical Prevention in Spring Boot

Understand CSRF, XSS, and SQL injection attacks — what they are, how they exploit web applications, and how to prevent each one in Spring Boot with practical examples.

## Spring Security — Role-Based Access Control (RBAC)

Implement role-based access control in Spring Boot 4 — roles vs authorities, @PreAuthorize, method-level security, hierarchical roles, and database-backed permissions.

## Secure CI/CD — Signing APKs, Protecting Secrets in GitHub Actions

Secure your Android CI/CD pipeline — APK signing in GitHub Actions, keystore management, secret protection, artifact verification, and supply chain security.

## API Rate Limiting & Abuse Prevention

Implement API rate limiting — token bucket, sliding window, per-user and per-IP limits, Spring Boot implementation with Bucket4j, and abuse prevention strategies.

## CORS Explained — Why Your API Rejects Frontend Requests

Understand CORS from the ground up — what it is, why browsers enforce it, preflight requests, how to configure it in Spring Boot, and common debugging tips.

## Secrets Management — Environment Variables, Vault & Sealed Secrets

How to manage secrets in production — environment variables, HashiCorp Vault, Kubernetes Sealed Secrets, and patterns for keeping credentials out of code.

## Securing Android Apps — Certificate Pinning, ProGuard & Network Security Config

Harden your Android app — network security configuration, certificate pinning, ProGuard/R8 obfuscation, encrypted storage, and preventing reverse engineering.

## API Security Checklist — OWASP Top 10 for Backend Developers

A practical API security checklist covering authentication, authorization, input validation, rate limiting, and the OWASP API Security Top 10 risks.

## JWT Deep Dive — Structure, Signing, Validation & Common Mistakes

Understand JSON Web Tokens from the inside — header, payload, signatures, HMAC vs RSA, token validation, refresh strategies, and the mistakes that lead to security breaches.

## OAuth 2.0 & OpenID Connect — How Authentication Actually Works

Understand OAuth 2.0 and OpenID Connect from the ground up — flows, tokens, scopes, and how to implement Google/GitHub login in your app without the confusion.