Security
Everything on SkillVeris tagged Security — collected across the glossary, study notes, blog, and cheat sheets.
145 resources across 4 libraries
Glossary Terms(1)
Study Notes(101)
Batch Script Security Considerations
Understand the common security vulnerabilities in Windows batch scripts, hardening techniques, and how tools like AppLocker help control what scripts can run.
Silverlight Security Sandbox
How Silverlight's partial-trust sandbox, isolated storage, and cross-domain policies protected users, and what changed once elevated trust was granted.
Authentication in WCF
How WCF authenticates callers via clientCredentialType options across transport and message security, including Windows, Certificate, UserName, and IssuedToken.
Transport vs Message Security
A deep comparison of how WCF's transport-level and message-level security mechanisms actually protect data, and the trade-offs between them.
WCF Security Modes
An overview of the five security modes WCF bindings expose — None, Transport, Message, TransportWithMessageCredential, and TransportCredentialOnly — and when t…
Security in Web Pages
Explore the WebSecurity helper for authentication and roles, and the built-in protections ASP.NET Web Pages provides against XSS and CSRF.
Authentication in MVC
How ASP.NET MVC applications verify user identity using Forms Authentication, ASP.NET Identity, OWIN middleware, and external login providers.
Authorization and Roles
How ASP.NET MVC restricts access to controllers and actions using the [Authorize] attribute, role-based checks, and custom policy-style filters.
Common GPO Settings
A tour of the most frequently configured Group Policy settings for security baselines, password policy, software restriction, and administrative templates.
Kerberos Authentication
How Active Directory's ticket-based Kerberos protocol authenticates users and services without repeatedly transmitting passwords, and how to diagnose its most…
Security Roles in Dataverse
Understand how Dataverse security roles, privileges, and access levels control who can see and do what with your data.
Authentication and AuthorizeView
Learn how Blazor's AuthenticationStateProvider, AuthorizeView, and the [Authorize] attribute work together to build authentication-aware UI.
Authentication with ASP.NET Core Identity
Learn how ASP.NET Core Identity manages users, passwords, and cookie-based sign-in for server-rendered and hybrid applications.
Authorization Policies and Roles
Learn how ASP.NET Core moves beyond simple role checks into flexible, claims-based authorization policies for fine-grained access control.
JWT Bearer Authentication
Understand how to secure ASP.NET Core Web APIs with stateless JSON Web Tokens issued and validated via the JWT bearer scheme.
Authentication and Storage State Reuse
Save and reuse Playwright's storageState to skip repeated UI logins, share auth across projects, and manage multiple user roles.
Handling Authentication in Tests
Learn how to bypass slow UI logins with programmatic authentication and cy.session() caching, and how to handle third-party SSO safely.
Hadoop Security with Kerberos
How Kerberos authentication secures a Hadoop cluster, covering the KDC, tickets, keytabs, SPNEGO, delegation tokens, and how authorization layers like Ranger b…
Row-Level Security
How Power BI restricts which data rows a user can see through DAX-defined roles, the static-vs-dynamic distinction, and what RLS does not protect.
Security and Permissions
The principal-securable-permission model in SQL Server, from logins and users to roles and the principle of least privilege.
Authorization Code with PKCE
The Authorization Code grant is OAuth 2.0's most secure and widely used flow, and PKCE hardens it further so it is safe for public clients like single-page app…
Common OAuth Vulnerabilities
A survey of the recurring implementation mistakes that turn OAuth 2.0 deployments into attack surfaces, from code interception to login CSRF.
OAuth vs Authentication
Clears up the most common OAuth misconception: OAuth 2.0 is an authorization protocol, not an authentication protocol, and explains where OpenID Connect fits i…
State and CSRF Protection
How the state parameter defeats login CSRF in OAuth flows, the entropy and storage requirements that make it effective, and why it complements PKCE.
Showing 24 of 101.
Cheat Sheets(31)
OWASP Security Cheat Sheet
OWASP Top 10 vulnerabilities, prevention strategies, and secure coding practices.
Java Spring Security Cheat Sheet
Covers Spring Security filter chain configuration, password encoding, method-level authorization, and JWT resource server setup for securing APIs.
OAuth & JWT Authentication Cheat Sheet
Explains OAuth 2.0 grant types, the Authorization Code plus PKCE flow, and JWT structure, claims, and verification for securing APIs.
Web Security Basics (XSS/CSRF) Cheat Sheet
Covers cross-site scripting and cross-site request forgery attacks with concrete examples and the defenses that stop them.
Cookies & Local Storage Cheat Sheet
Compares cookies, localStorage, and sessionStorage APIs, attributes, size limits, and security considerations for client-side data.
Database Security Best Practices Cheat Sheet
Covers access control, encryption at rest and in transit, SQL injection prevention, and auditing practices for securing production databases.
Supabase Basics Cheat Sheet
Introduces Supabase's Postgres database, auto-generated REST API, authentication, Row Level Security, and realtime subscriptions using the CLI and JS client.
Cloud Security Fundamentals Cheat Sheet
Foundational cloud security concepts including the shared responsibility model, encryption, network controls, and identity hardening.
Cloud Networking (VPC) Basics Cheat Sheet
Covers VPC fundamentals including subnets, route tables, security groups, NAT gateways, and peering using AWS terminology.
Container Security Scanning Cheat Sheet
Tools and workflows for scanning container images for vulnerabilities, misconfigurations, and secrets before deployment.
Service Mesh (Istio) Cheat Sheet
Core Istio concepts for traffic management, mTLS security, and observability using sidecar proxies in a Kubernetes cluster.
API Gateway Patterns Cheat Sheet
Architectural patterns for API gateways covering routing, rate limiting, authentication, and request aggregation.
Vault (Secrets Management) Cheat Sheet
Reference for HashiCorp Vault covering the CLI, KV secrets engine, dynamic secrets, authentication methods, and policies.
Network Security Fundamentals Cheat Sheet
Covers core network security concepts including segmentation, defense-in-depth, common attack vectors, and essential hardening practices.
Penetration Testing Basics Cheat Sheet
Introduces the penetration testing methodology, phases, common toolsets, and reporting practices used in authorized security assessments.
Wireshark Cheat Sheet
Covers Wireshark capture filters, display filters, and common workflows for analyzing network traffic and diagnosing security incidents.
Cross-Site Scripting (XSS) Prevention Cheat Sheet
Covers the three main XSS variants and concrete output-encoding, sanitization, and CSP techniques to prevent script injection in web apps.
Cryptography Basics Cheat Sheet
Introduces symmetric and asymmetric encryption, hashing, and digital signatures with practical examples of correct algorithm usage.
Firewall Configuration Cheat Sheet
Covers practical firewall rule syntax for iptables and cloud security groups, plus best practices for default-deny policies.
Zero Trust Architecture Cheat Sheet
Explains zero trust principles, core architectural components, and practical steps for shifting from perimeter-based to identity-based security.
Identity & Access Management (IAM) Cheat Sheet
Covers IAM core concepts including authentication protocols, RBAC/ABAC models, and provisioning lifecycle for enterprise access control.
Multi-Factor Authentication Cheat Sheet
Covers MFA factor types, common protocols like TOTP and WebAuthn, and implementation guidance for adding MFA to an application.
Security Incident Response Cheat Sheet
Covers the standard incident response lifecycle, containment strategies, and evidence handling for effectively managing security incidents.
Password Security Best Practices Cheat Sheet
Summarizes modern password hygiene, hashing standards, and multi-factor authentication practices for individuals and engineering teams.
Showing 24 of 31.
Interview Questions(12)
Kernel Mode vs User Mode
Kernel mode is a privileged CPU execution state where the operating system can execute any instruction and access all hardware directly, while user mode is a r…
What are Memory Protection Mechanisms?
Memory protection mechanisms are hardware- and OS-enforced controls -- base/limit registers, per-page permission bits, and separate virtual address spaces -- t…
What is Wireshark?
Wireshark is a free, open-source network protocol analyzer that captures traffic passing through a network interface and lets an engineer inspect every packet…
What Is OAuth?
OAuth is an authorization framework that lets a user grant a third-party application limited access to their resources on another service, without ever sharing…
What Are the Main API Authentication Methods?
The most common API authentication methods are API keys for simple service-to-service identification, HTTP Basic Auth for quick but weak username/password chec…
What Is Refresh Token Rotation?
Refresh token rotation is a security pattern where every time a refresh token is used to obtain a new access token, the server also issues a brand-new refresh…
IndexedDB vs localStorage vs Cookies: When Do You Use Each?
Cookies are small, automatically sent-with-every-HTTP-request key-value pairs meant for server-visible state like session identifiers, localStorage is a synchr…
What Happens During a TLS Handshake?
A TLS handshake is the process by which a client and server agree on cryptographic parameters, verify the server’s identity via its certificate, and derive a s…
What Are Form Validation Strategies on the Web?
Robust web form validation layers three checks: instant client-side feedback using HTML constraint attributes and JavaScript for UX, and authoritative server-s…
How Do You Handle File Uploads on the Web?
Web file uploads are handled by sending file data as multipart/form-data (or via a pre-signed direct-to-storage URL for large files), validating type and size…
What Is a Kubernetes Secret?
A Kubernetes Secret is an API object used to store and manage small amounts of sensitive data, such as passwords, API keys, or TLS certificates, separately fro…
What is a Kubernetes ServiceAccount?
A Kubernetes ServiceAccount is an identity that Pods use to authenticate to the Kubernetes API server, distinct from user accounts that human operators use, an…