Knowledge Hub

Practitioner-grade cybersecurity content

Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.

Latest articles

Most recent practitioner playbooks across every track.

Academy

Module 17 · Why HTTP Headers Are Programmable Trust

Application code routinely trusts HTTP headers. X-Forwarded-For for client IP. Host for routing. Origin for CORS. Each is attacker-controllable in some path.…

Apr 27, 2026 · 1 min read
Academy

Module 16 · The Three Types of Web Sessions

“Session” is overloaded: browser session (open tabs), server session (data keyed by session ID), application session (the user’s logical workflow). Each has…

Apr 27, 2026 · 1 min read
Academy

Module 15 · State Machines Have More Edges Than You Think

Every web app is a state machine. Order = pending → paid → shipped → delivered. State transitions have rules. The rules…

Apr 27, 2026 · 1 min read
Academy

Module 14 · Authentication vs Authorization Split

Authentication: who are you. Authorization: what can you do. Most security education conflates them. Most bugs live in the gap. An authenticated…

Apr 27, 2026 · 1 min read
Academy

Module 13 · Browser Origin Boundaries

Same-Origin Policy is the bedrock of web security. But “origin” has nuances: scheme matters, port matters, path doesn’t. Subdomains aren’t same-origin (they’re…

Apr 27, 2026 · 1 min read
Academy

Module 12 · The Cookie Confusion Cascade

Cookies are the most-misunderstood browser feature. Domain attribute, path, SameSite, Secure, HttpOnly, Partitioned — each affects when the browser sends the cookie.…

Apr 27, 2026 · 1 min read
Academy

Module 11 · Why Validation at Multiple Layers

Defence in depth is a phrase. Multi-layer validation is its application. Client-side validation catches user mistakes. Edge validation (WAF) catches bulk attacks.…

Apr 27, 2026 · 1 min read
Academy

Module 15 · Production AI Deployment Patterns

Production AI is engineering. Choices have security and cost implications. Hosting choices Pattern Privacy Cost Quality OpenAI / Anthropic / Google managed…

Apr 27, 2026 · 1 min read
Academy

Module 14 · AI Governance Frameworks

AI governance is the regulatory frame around technical safety. Major frameworks NIST AI RMF — voluntary US framework; maps risks across lifecycle…

Apr 27, 2026 · 1 min read
Academy

Module 13 · AI Security Evaluations

How do you know if your AI is safe enough? Structured evaluation. Eval categories Adversarial robustness — does it resist attacks? Toxicity…

Apr 27, 2026 · 1 min read