Stay up to date with practical insights on backend engineering, system design, and building reliable software.
Authentication and authorization are necessary but not sufficient for API security. Mass assignment, excessive data exposure, injection vulnerabilities, and missing security headers are the gaps that survive code review and appear in penetration tests.
Read moreCredential rotation is a security requirement that most teams either skip or handle with a restart. Neither is acceptable. Here is how to rotate database passwords, API keys, JWT secrets, and third-party credentials in a running Spring Boot application.
Read moreHappy path tests confirm that your code functions under ideal conditions. They do almost nothing to protect you from the conditions that actually cause production incidents. Error paths, edge cases, and boundary conditions are where your tests need to live.
Read moreTests that pass locally and fail in CI — or pass in CI and break in production — usually reveal environment assumptions baked silently into the test design. Here is how to write tests that mean the same thing in every context.
Read moreYou've got funding, a roadmap, and three backend tickets that have been sitting untouched for six weeks. In Berlin's hiring market, that gap between what you need built and who's available to build it is expensive.
Read more