#Security

Application security — threat modelling, secure coding, and vulnerability prevention.

4 Articles

Articles

Securing AI Agent Infrastructure: MCP Servers, Tool Calls, and the Attack Surface You're Not Watching

AI agents calling tools via MCP create new attack surfaces: prompt injection through tool responses, credential leakage, and unauthorized execution.

BackendBytes Engineering Team

Read

DNS Records: The Complete Production Guide for Backend Engineers

System Design

System Design•Mar 2•11 min read

DNS Records: The Complete Production Guide for Backend Engineers

Every DNS record type for production: A, CNAME, MX, TXT, CAA, SRV. TTL failover math, SPF/DKIM/DMARC, GeoDNS, and DNSSEC.

BackendBytes Engineering Team

Read

OAuth2 and OpenID Connect: Production Security Patterns

System Design

System Design•Feb 6•9 min read

OAuth2 and OpenID Connect: Production Security Patterns

OAuth2 flows with PKCE, refresh token rotation, theft detection, and JWT vs opaque token security tradeoffs for production.

BackendBytes Engineering Team

Read

Building an OAuth2 Authorization Server from Scratch

Backend Engineering

Backend Engineering•Oct 18•6 min read

Building an OAuth2 Authorization Server from Scratch

Understand OAuth2 by building the server side: authorization endpoint, PKCE validation, JWT generation, JWKS endpoint, and token rotation — all in Go.

BackendBytes Engineering Team

Read