Lesson · Backend Security · Advanced
API Abuse Prevention Explained
Learn API abuse prevention for backend systems, including rate limits, authentication signals, quotas, bot patterns, logging, errors, and gateways.
Library · 77 lessons
Filter the curriculum without losing the original stable article URLs.
77 lessons
Lesson · Backend Security · Advanced
Learn API abuse prevention for backend systems, including rate limits, authentication signals, quotas, bot patterns, logging, errors, and gateways.
Lesson · Authentication · Intermediate
Use this backend cookie security checklist for HttpOnly, Secure, SameSite, CSRF, session rotation, prefixes, expiration, domains, and testing.
Lesson · Authentication · Advanced
Learn API authentication best practices, including tokens, API keys, OAuth, mTLS, sessions, gateways, rotation, scopes, errors, and logging.
Lesson · Authentication · Beginner
Compare cookie and token authentication for backend apps, including sessions, JWTs, CSRF, XSS, storage, CORS, mobile clients, and API tradeoffs.
Lesson · Authentication · Intermediate
Learn how CORS preflight requests work, including OPTIONS handling, allowed methods, headers, credentials, caching, errors, and backend mistakes.
Lesson · Authentication · Beginner
Learn the OAuth client credentials flow for service-to-service APIs, including clients, secrets, scopes, tokens, rotation, and security risks.
Lesson · Authentication · Beginner
Learn OAuth scopes for backend APIs, including permissions, consent, least privilege, access tokens, naming, validation, and common mistakes.
Lesson · Authentication · Beginner
Learn service accounts for backend systems, including machine identity, API access, least privilege, secrets, rotation, audit logs, and risks.
Lesson · Backend Security · Advanced
Learn security event logging for backend systems, including auth events, API abuse signals, safe metadata, alerting, retention, and mistakes.
Lesson · Backend Security · Advanced
Learn what audit logs are in backend systems, including actor, action, resource, timestamp, metadata, retention, privacy, and investigation workflows.
Lesson · API Design · Advanced
Learn how to design pagination metadata for REST APIs, including pageInfo, cursors, hasNextPage, limits, totals, links, sorting, and compatibility.
Lesson · System Design · Beginner
Learn database connection pooling for backend systems, including pool size, timeouts, leaks, max connections, queues, monitoring, and common mistakes.
Lesson · Java Collections · Beginner
Learn how HashMap collision handling works in Java, including buckets, hashCode, equals, tree bins, load factor, bad keys, and performance.
Lesson · System Design · Beginner
Learn database migration rollback strategies, including backward-compatible changes, expand-contract migrations, backups, deploy order, and recovery plans.
Lesson · Java Collections · Beginner
Learn Java equals and hashCode contracts, why they matter for HashMap and HashSet, common mistakes, records, mutability, and testing.
Lesson · Authentication · Advanced
Learn the principle of least privilege for backend systems, including users, services, API keys, database roles, cloud permissions, and operational tradeoffs.
Lesson · System Design · Beginner
Learn the N+1 query problem in backend apps, including ORM loading, SQL examples, eager loading, batching, joins, query counts, and fixes.
Lesson · API Design · Beginner
Compare JSON Schema and OpenAPI Schema for backend API contracts, including validation, documentation, examples, tooling, and compatibility.
Lesson · Algorithms · Beginner
Learn prefix sums with Java examples, range-sum queries, subarray patterns, difference arrays, complexity, and when preprocessing is worth it.
Lesson · API Design · Beginner
Use this REST API design checklist to review resources, methods, status codes, errors, pagination, idempotency, versioning, auth, and OpenAPI docs.
Lesson · Backend Security · Advanced
Learn secret management for backend apps, including environment variables, secret stores, rotation, least privilege, logging risks, and deployment workflows.
Lesson · Algorithms · Beginner
Learn the sliding window algorithm pattern with Java examples, fixed windows, variable windows, two pointers, complexity, and common mistakes.
Lesson · API Design · Advanced
Learn Spring Boot REST controllers, including @RestController, request mappings, DTOs, validation, status codes, error responses, and testing.
Lesson · Algorithms · Beginner
Learn the two pointers algorithm pattern with Java examples for sorted arrays, pairs, partitions, linked lists, complexity, and common mistakes.
Lesson · Authentication · Advanced
Learn practical API key design best practices, including key format, prefixes, hashing, scopes, rotation, rate limits, audit logs, and safe storage.
Lesson · Authentication · Beginner
Compare API keys and OAuth tokens for backend APIs, including identity, scopes, rotation, expiration, user context, service access, and security tradeoffs.
Lesson · Java Collections · Beginner
Compare HashSet and TreeSet in Java by ordering, uniqueness, contains performance, null handling, memory cost, and practical backend use cases.
Lesson · Authentication · Beginner
Learn how multi-factor authentication works in web apps, including TOTP, WebAuthn, backup codes, recovery flows, step-up checks, and backend tradeoffs.
Lesson · Authentication · Beginner
Learn password hashing basics for backend systems, including salts, slow hashes, peppers, verification, resets, storage risks, and common mistakes.
Lesson · API Design · Beginner
Learn how OpenAPI describes REST APIs, including paths, operations, schemas, examples, auth, versioning, code generation, and contract review.
Lesson · API Design · Beginner
Compare PUT and PATCH in REST APIs, including replacement vs partial updates, idempotency, validation, status codes, and backend implementation choices.
Lesson · Authentication · Beginner
Compare RBAC and ABAC for backend authorization, including roles, attributes, policies, ownership checks, tenant context, and practical tradeoffs.
Lesson · Authentication · Beginner
Learn how refresh token rotation works, why reuse detection matters, and how backend teams can design safer token refresh, logout, and revocation flows.
Lesson · Java Collections · Advanced
Compare Queue and Deque in Java, including FIFO queues, double-ended operations, ArrayDeque, LinkedList, stack usage, and practical backend defaults.
Lesson · Authentication · Intermediate
Learn how SameSite cookies affect browser authentication, CSRF risk, cross-site requests, OAuth redirects, iframes, and backend cookie design.
Lesson · Authentication · Intermediate
Learn practical secure HTTP headers for backend apps, including HSTS, CSP, X-Content-Type-Options, frame protection, referrer policy, and cookie-related limits.
Lesson · Authentication · Beginner
Learn what session fixation is, how it affects web authentication, why session rotation matters, and how backend teams can prevent it.
Lesson · Java Collections · Beginner
Compare TreeMap and HashMap in Java by key ordering, lookup complexity, range queries, null handling, memory overhead, and backend use cases.
Lesson · Backend Security · Advanced
Learn how webhook signature verification works, including HMAC headers, raw request bodies, timestamps, replay protection, secret rotation, and safe failures.
Lesson · Authentication · Advanced
Learn what an API gateway does in backend architecture, including routing, authentication, rate limiting, observability, and tradeoffs.
Lesson · System Design · Intermediate
Learn how background jobs work in backend systems, including queues, workers, retries, scheduling, idempotency, and monitoring.
Lesson · System Design · Advanced
Learn common backend caching strategies, including cache-aside, write-through, write-behind, TTLs, invalidation, and cache stampede risks.
Lesson · System Design · Intermediate
Learn how the circuit breaker pattern protects backend services from cascading failures, with closed, open, and half-open states.
Lesson · Authentication · Beginner
Compare authentication and authorization in backend systems, including identity checks, permissions, roles, scopes, sessions, tokens, and API enforcement.
Lesson · Authentication · Intermediate
Learn how CORS works for backend APIs, including origins, preflight requests, credentials, allowed headers, cookies, security limits, and common mistakes.
Lesson · System Design · Intermediate
Learn what distributed locks are, when backend systems use them, why they are risky, and what safer alternatives to consider.
Lesson · System Design · Beginner
Learn what eventual consistency means in distributed systems, why stale reads happen, and how backend teams design around them.
Lesson · System Design · Beginner
Learn what database sharding is, when backend systems need it, how shard keys work, and what tradeoffs sharding creates.
Lesson · System Design · Beginner
Learn what database transactions are, why ACID matters, how commits and rollbacks work, and what backend developers should know.
Lesson · Authentication · Beginner
Learn common JWT claims for backend authentication, including sub, iss, aud, exp, nbf, iat, jti, scopes, roles, tenant context, and validation mistakes.
Lesson · System Design · Intermediate
Learn how message queues work in backend systems, including producers, consumers, retries, dead-letter queues, ordering, and idempotency.
Lesson · System Design · Advanced
Learn how load balancing distributes traffic across backend servers, including algorithms, health checks, sticky sessions, and tradeoffs.
Lesson · Authentication · Beginner
Compare OAuth 2.0 and OpenID Connect for backend developers, including authorization, login, ID tokens, access tokens, scopes, and common mistakes.
Lesson · Authentication · Advanced
Learn practical REST API error handling patterns, including status codes, stable error codes, field errors, request IDs, and safe messages.
Lesson · API Design · Intermediate
Learn safe backend retry patterns, including exponential backoff, jitter, retry budgets, idempotency, and when not to retry.
Lesson · API Design · Advanced
Learn how webhooks work in backend systems, including event delivery, signatures, retries, idempotency, and common design mistakes.
Lesson · Java Collections · Intermediate
Learn how binary search works, when it applies, common off-by-one mistakes, and how to implement iterative binary search in Java.
Lesson · API Design · Beginner
Learn practical API versioning strategies, including URL versions, header versions, backward compatibility, deprecation, and migration plans.
Lesson · Algorithms · Intermediate
Learn how database indexes work, why they speed up reads, when they slow down writes, and how backend developers should choose indexes.
Lesson · System Design · Beginner
Learn how optimistic locking prevents lost updates in backend systems using version columns, compare-and-swap updates, and 409 conflicts.
Lesson · Backend Security · Advanced
Learn how API rate limiting works, including fixed windows, sliding windows, token buckets, 429 responses, headers, and backend tradeoffs.
Lesson · Java Collections · Advanced
Learn common ways to solve top K elements problems with sorting, heaps, and Java PriorityQueue, including complexity tradeoffs.
Lesson · Java Collections · Beginner
A practical reference for Java collection time complexity, including ArrayList, LinkedList, HashMap, TreeMap, HashSet, and PriorityQueue.
Lesson · Authentication · Intermediate
Compare CSRF and XSS attacks for backend developers, including how they work, why cookies and tokens matter, and practical defenses.
Lesson · Authentication · Beginner
A backend-focused OAuth 2.0 guide covering roles, authorization code flow, PKCE, scopes, tokens, client credentials, and common mistakes.
Lesson · Authentication · Beginner
Compare access tokens and refresh tokens in backend authentication, including lifetime, storage, rotation, revocation, and security tradeoffs.
Lesson · API Design · Advanced
Compare offset, cursor, and keyset pagination for REST APIs, including tradeoffs, response shapes, sorting, and backend performance.
Lesson · API Design · Intermediate
Learn what idempotency means in API design, why retries create duplicate actions, and how idempotency keys protect backend workflows.
Lesson · Authentication · Advanced
Understand the HTTP status codes backend developers use most often in REST APIs, including 200, 201, 400, 401, 404, 409, and 500.
Lesson · Java Collections · Beginner
A practical explanation of ConcurrentHashMap in Java, including thread safety, atomic methods, iteration behavior, and common mistakes.
Lesson · Java Collections · Beginner
Learn what HashMap load factor means in Java, how it affects resizing, memory usage, collision risk, and lookup performance.
Lesson · Java Collections · Advanced
Compare ArrayList and LinkedList in Java by access patterns, insertion cost, memory overhead, and practical backend usage.
Lesson · Java Collections · Beginner
Learn Big-O notation with practical backend examples, including arrays, hash maps, sorting, nested loops, and database-like thinking.
Lesson · Authentication · Beginner
Understand JWT and server-side session authentication, including storage, revocation, scaling, security risks, and common backend use cases.
Lesson · API Design · Beginner
Compare REST and RPC API styles through resources, actions, payload design, caching, versioning, and backend team workflows.
Lesson · Java Collections · Advanced
Learn how Java PriorityQueue works, when to use it, how ordering is defined, and common pitfalls around iteration and custom comparators.
Lesson · Java Collections · Advanced
Compare HashMap and Hashtable in Java, including synchronization, null keys, performance, legacy status, and modern alternatives.
Try a broader course or clear the search phrase.