Application Security
Secure code, validate inputs, test for vulnerabilities, and manage dependencies
Implement multi-factor authentication, federated identity, and single sign-on
Control what authenticated users can do using role-, attribute-, relationship-, or policy-based models
The core building blocks of systems: components, the connectors between them, and the configurations that shape runtime behavior.
Prevent cross-site request forgery and clickjacking, and control cross-origin access
Encrypt data at rest and in transit, manage keys, and protect sensitive information
Encrypt data stored in databases, files, and backups using envelope encryption
Secure communication channels with TLS and mutual TLS authentication
Hash passwords securely and protect sensitive data using cryptographic hashing
Manage who can access what, how they prove identity, and how access is controlled
Validate all input and encode output to prevent injection attacks
Manage encryption keys securely with HSM/KMS, implement rotation, and separate keys by purpose
Securely store, manage, and rotate API keys, passwords, and encryption keys
Manage session lifecycles, token strategies, and secure token rotation
Master the fundamentals of systems thinking for software architecture: components, connectors, configurations, interfaces, and abstractions to reason about change, risk, and evolution.
Replace sensitive data with tokens or pseudonyms for privacy and compliance