Building secure foundations for the modern web.
DevSec-Archive is an exhaustive technical knowledge base dedicated to the synergy between high-performance Backend development and proactive Cybersecurity. This library archives best practices, architectural patterns, and security paradigms for API development and server-side infrastructure.
The goal of this repository is to bridge the gap between "making it work" and "making it secure." Here, you will find resources on securing REST/GraphQL endpoints, implementing robust authentication flows, and hardening backend services against modern attack vectors.
📖 Backend Engineering
- HTTP Fundamentals
- REST API Design
- GraphQL
- WebSockets
- Authentication & Authorization
- Session Management
- API Versioning
- Caching Strategies
- File Uploads
- Background Jobs
- Event-Driven Architecture
- Microservices
- API Gateway
- Backend Design Patterns
- Clean Architecture
- Domain-Driven Design (DDD)
🛡️ Cybersecurity
- Web Application Security
- Authentication Security
- API Security
- OWASP Top 10
- OWASP API Security Top 10
- Cryptography
- Password Security
- JWT Security
- OAuth 2.0 & OpenID Connect
- Secure Coding Practices
- Security Headers
- CORS
- CSRF
- XSS
- SQL Injection
- SSRF
- Command Injection
- File Upload Security
- Secrets Management
- Zero Trust Architecture
- Threat Modeling
🌐 Networking
- Computer Networks
- OSI Model
- TCP/IP
- HTTP/HTTPS
- DNS
- TLS & SSL
- Reverse Proxies
- Load Balancers
- Firewalls
- VPN
- CDN
- WebSockets
- HTTP/2 & HTTP/3
- gRPC
- SSH
- SMTP
- DNS Security
💾 Databases
- SQL
- PostgreSQL
- MySQL
- MongoDB
- Redis
- Database Indexing
- Transactions
- ACID
- Isolation Levels
- Query Optimization
- Database Security
🔐 Cryptography
- Hash Functions
- Password Hashing
- Digital Signatures
- PKI
- Certificates
- AES
- RSA
- ECC
- HMAC
- JWT
- JWS
- JWE
- JWK
- TLS Handshake
📚 Best Practices
- Secure API Checklist
- Backend Checklist
- Security Checklist
- Production Readiness
- Performance Optimization
- Logging Best Practices
- Error Handling
- Code Review Guide
📖 Reference
- RFC Collection
- Cheat Sheets
- Books
- Whitepapers
- Tools
- Glossary
- Interview Questions
- Backend Engineers who want to write hardened code.
- Security Enthusiasts exploring the server-side attack surface.
- DevSecOps Practitioners looking for automation and integration tips.
While the concepts are language-agnostic, our primary implementations and analysis revolve around:
- Languages: Python, Go, TypeScript(More Language will add over time)
- Infrastructure: Docker, Linux (Void/BlackArch/Kali)
- Architecture: Microservices, API Gateways, Zero Trust Models
Security is a community effort. If you have an article, a pattern, or a fix to suggest, feel free to open a Pull Request. Please follow our CONTRIBUTING.md guidelines.
This project is licensed under the MIT License - see the LICENSE file for details.
Maintained with curiosity by ItsWanheda