Web application security articles
Offensive and defensive security for builders.
Practical writing on how web applications break, how teams defend them, and how security engineers can turn reviews, threat models, and hardening work into useful engineering outcomes.
Featured
Start here
Application Security: Understanding Threat Modeling for Modern Security Reviews
A practical guide to using threat modeling to keep security reviews useful, focused, and tied to real engineering decisions.
So You Got Hacked: Whose Fault Is It?
A plain-language look at accountability after a breach, and how teams can turn blame into better engineering habits.
Latest blogs
Web, application, and cloud security notes
How to Optimize Docker Images for Speed & Security
Security-first techniques for building container images that are lean, fast, and easier to harden.
Threat Modeling with STRIDE: A Practical Walkthrough
A walkthrough of STRIDE using a simple web application architecture, designed for teaching and real-world review sessions.
What is an API? A Beginner’s Guide
A simple explanation of APIs and how applications communicate, useful groundwork for web application security thinking.
How to Start Your Career in Cybersecurity: A Friendly Guide
A beginner-friendly path into cybersecurity, including how to learn the fundamentals without getting lost in noise.