The Browser Security Model: Origins, CORS, and CSP
Design browser-facing systems by separating origin isolation, cross-origin read permission, credentials, execution policy, and embedding controls.
2026-06-27 · 13 min read
Design browser-facing systems by separating origin isolation, cross-origin read permission, credentials, execution policy, and embedding controls.
2026-06-27 · 13 min read
Treat uploaded files as untrusted byte streams until bounded ingestion, type validation, quarantine, scanning, and authorized publication succeed.
2026-06-18 · 14 min read
Compare RBAC, ABAC, and ReBAC by how they express policy, preserve tenant boundaries, support revocation, and produce testable decisions.
2026-05-25 · 15 min read
Defend LLM applications by modeling prompt injection as a trust-boundary and capability problem, then verify controls with adversarial tests and operational evidence.
2026-05-14 · 13 min read
Choose sessions, JWTs, and OAuth 2.0 safely with correct cookies, token verification, PKCE, rotation, revocation, and service authentication.
2026-04-23 · 14 min read