Skip to content

ItsWanheda/DevSec-Archive

Repository files navigation

DevSec-Archive

Building secure foundations for the modern web.

DevSec-Archive is an exhaustive technical knowledge base dedicated to the synergy between high-performance Backend development and proactive Cybersecurity. This library archives best practices, architectural patterns, and security paradigms for API development and server-side infrastructure.


🛡️ Mission

The goal of this repository is to bridge the gap between "making it work" and "making it secure." Here, you will find resources on securing REST/GraphQL endpoints, implementing robust authentication flows, and hardening backend services against modern attack vectors.

📂 Repository Structure

📖 Backend Engineering

  • HTTP Fundamentals
  • REST API Design
  • GraphQL
  • WebSockets
  • Authentication & Authorization
  • Session Management
  • API Versioning
  • Caching Strategies
  • File Uploads
  • Background Jobs
  • Event-Driven Architecture
  • Microservices
  • API Gateway
  • Backend Design Patterns
  • Clean Architecture
  • Domain-Driven Design (DDD)

🛡️ Cybersecurity

  • Web Application Security
  • Authentication Security
  • API Security
  • OWASP Top 10
  • OWASP API Security Top 10
  • Cryptography
  • Password Security
  • JWT Security
  • OAuth 2.0 & OpenID Connect
  • Secure Coding Practices
  • Security Headers
  • CORS
  • CSRF
  • XSS
  • SQL Injection
  • SSRF
  • Command Injection
  • File Upload Security
  • Secrets Management
  • Zero Trust Architecture
  • Threat Modeling

🌐 Networking

  • Computer Networks
  • OSI Model
  • TCP/IP
  • HTTP/HTTPS
  • DNS
  • TLS & SSL
  • Reverse Proxies
  • Load Balancers
  • Firewalls
  • VPN
  • CDN
  • WebSockets
  • HTTP/2 & HTTP/3
  • gRPC
  • SSH
  • SMTP
  • DNS Security

💾 Databases

  • SQL
  • PostgreSQL
  • MySQL
  • MongoDB
  • Redis
  • Database Indexing
  • Transactions
  • ACID
  • Isolation Levels
  • Query Optimization
  • Database Security

🔐 Cryptography

  • Hash Functions
  • Password Hashing
  • Digital Signatures
  • PKI
  • Certificates
  • AES
  • RSA
  • ECC
  • HMAC
  • JWT
  • JWS
  • JWE
  • JWK
  • TLS Handshake

📚 Best Practices

  • Secure API Checklist
  • Backend Checklist
  • Security Checklist
  • Production Readiness
  • Performance Optimization
  • Logging Best Practices
  • Error Handling
  • Code Review Guide

📖 Reference

  • RFC Collection
  • Cheat Sheets
  • Books
  • Whitepapers
  • Tools
  • Glossary
  • Interview Questions

🚀 Built for

  • Backend Engineers who want to write hardened code.
  • Security Enthusiasts exploring the server-side attack surface.
  • DevSecOps Practitioners looking for automation and integration tips.

🛠 Tech Focus

While the concepts are language-agnostic, our primary implementations and analysis revolve around:

  • Languages: Python, Go, TypeScript(More Language will add over time)
  • Infrastructure: Docker, Linux (Void/BlackArch/Kali)
  • Architecture: Microservices, API Gateways, Zero Trust Models

🤝 Contributing

Security is a community effort. If you have an article, a pattern, or a fix to suggest, feel free to open a Pull Request. Please follow our CONTRIBUTING.md guidelines.

📜 License

This project is licensed under the MIT License - see the LICENSE file for details.


Maintained with curiosity by ItsWanheda

About

A curated technical library covering the intersection of Backend Engineering, API Architecture, and Cybersecurity. Built for those who build secure systems.

Topics

Resources

Code of conduct

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors