System Design / Cloud / Code
Real-world system design, backend patterns, and practical guides for engineers who build at scale.
Browse all postsA developer-friendly introduction to penetration testing. Covers reconnaissance, common attack vectors, tools (Burp Suite, nmap, OWASP ZAP), writing security test cases, and how to think like an attacker without being one.
The OWASP Top 10 through the lens of cloud-native applications. Covers how each vulnerability manifests in AWS/GCP/Azure environments, with cloud-specific attack vectors and defenses for serverless, containers, and microservices.
How to build security observability in AWS using CloudTrail, CloudWatch, and Athena. Covers audit logging, anomaly detection, SIEM integration, and building custom security dashboards.
Build automated security remediation using AWS Lambda, EventBridge, and Config Rules. Auto-close open security groups, revoke public S3 buckets, and enforce tagging — with real Lambda code examples.
Build an effective security incident response process. Covers incident classification, runbooks, ticketing workflows, communication templates, and post-incident reviews — with practical examples for cloud environments.
Deep dive into AWS IAM security best practices. Covers permission boundaries, SCPs, assume role chains, session policies, and how to audit IAM for least-privilege access in production environments.
A hands-on guide to securing Docker containers and Kubernetes clusters. Covers image scanning, rootless containers, network policies, pod security standards, and runtime threat detection.
A comprehensive guide to software supply chain security. Covers SLSA framework, dependency pinning, reproducible builds, provenance verification, and lessons from real-world supply chain attacks (SolarWinds, Log4Shell, xz).
Automate compliance for SOC2 and ISO 27001 using infrastructure as code, continuous monitoring, and policy-as-code tools. Covers AWS Config, Open Policy Agent, and building evidence collection pipelines.
How to detect and manage vulnerable dependencies across hundreds of repositories. Covers SCA tools (Snyk, Dependabot, Trivy), SBOM generation, vulnerability prioritization, and building an automated remediation pipeline.
Understand why code signing matters and how to implement it. Covers signing Git commits, Docker images (cosign/Notary), npm packages, and building a chain of trust from developer to production.
Learn how to adopt a security-first mindset as a software engineer. Covers threat modeling, attack surfaces, defense in depth, and the principle of least privilege — with real-world examples from cloud environments.
A practical guide to secrets management in cloud environments. Compare HashiCorp Vault, AWS SSM Parameter Store, and AWS Secrets Manager — with implementation patterns, rotation strategies, and common pitfalls.
How to build a complete security pipeline integrated into your CI/CD. Covers SAST, DAST, SCA, secret scanning, infrastructure scanning, and how to shift security left without slowing down developers.
Build a real cloud security scanner from scratch using Python and AWS APIs. Scan for open security groups, public S3 buckets, unencrypted volumes, overly permissive IAM policies, and generate a security report.
Connect Node.js to PostgreSQL using pg, Knex.js, and Prisma ORM. Learn connection pooling, migrations, transactions, and query optimization
Build real-time applications with WebSockets and Socket.io in Node.js — rooms, namespaces, scaling with Redis adapter, and handling reconnection
Build robust error handling and structured logging for production Node.js apps using Winston, Pino, custom error classes, and centralized error middleware
Use Redis with Node.js for caching, session storage, pub/sub messaging, rate limiting, and distributed locks using ioredis
Comprehensive testing strategies for Node.js applications with Jest, Supertest, and Testcontainers — from unit tests to end-to-end API testing
Implement secure authentication in Node.js using JWT tokens, server-side sessions, and OAuth 2.0 with Passport.js and best security practices
Build a complete production-ready REST API with Node.js, Express, PostgreSQL, Redis, JWT auth, testing, Docker, and CI/CD — putting it all together
Master MongoDB with Mongoose in Node.js — schema design, indexing strategies, population, aggregation pipelines, and common anti-patterns to avoid
Handle file uploads in Node.js with Multer, stream large files to AWS S3, generate presigned URLs, and implement multipart uploads for large files
Implement reliable message queuing in Node.js with RabbitMQ (amqplib) and AWS SQS. Learn exchange types, dead letter queues, retry patterns, and guaranteed delivery
Profile and optimize Node.js applications — find memory leaks, reduce event loop lag, use worker threads, cluster mode, and caching strategies
A comprehensive guide to building production-ready REST APIs with Express.js and Nest.js, covering routing, middleware, validation, and best practices
Deploy Node.js applications to AWS using ECS Fargate, Lambda, and Elastic Beanstalk — with CI/CD pipelines, auto-scaling, and monitoring
Containerize Node.js applications with Docker — multi-stage builds, Docker Compose for development, health checks, security best practices, and production optimization
Understand the Node.js event loop, its phases, microtasks vs macrotasks, and how non-blocking I/O actually works under the hood with libuv
A practical guide to building Claude Code custom skills for engineering workflows — automated code reviews, security scanning, test generation, commit hygiene, and CI integration with real skill definitions you can use today.
A practical guide to building an AI-powered voicebot for visitor check-in at offices and buildings — covering STT/TTS pipeline, LLM conversation design, error handling, fallback strategies, latency optimization, and the real-world problems nobody warns you about.
A comprehensive guide to server security best practices covering SSH hardening, firewall configuration, TLS setup, privilege escalation prevention, logging, automated patching, and incident response for production Linux servers.
