Networking & Security
From TCP/IP fundamentals to zero-trust security and compliance
OSI Model: Seven layers, responsibilities, protocols at each layer
TCP vs UDP: Connection-oriented vs connectionless, flow control, congestion control
HTTP/1.1 vs HTTP/2 vs HTTP/3: Multiplexing, header compression, QUIC, head-of-line blocking
DNS: Resolution process, record types, TTL, GeoDNS, Route 53
TLS / SSL: Handshake, certificate chain, mTLS, certificate rotation, HSTS
Load Balancing: L4 vs L7, algorithms (round-robin, least connections, IP hash), sticky sessions
Reverse Proxy & API Gateway: nginx, Envoy, Kong, AWS API Gateway; routing, auth, rate limiting
CDN: Edge caching, origin shield, cache invalidation, Cloudflare, CloudFront
Zero Trust Architecture: Never trust/always verify, microsegmentation, identity-aware proxy
Network Security: VPC security groups, NACLs, firewall rules, DDoS mitigation, IDS/IPS
Authentication: OAuth 2.0 flows, OIDC, JWT structure, SAML 2.0
SSO & Federation: SAML, OIDC federation, identity providers (Okta, Entra ID)
Multi-Factor Authentication: TOTP, FIDO2/WebAuthn, push-based MFA
Authorization: RBAC, ABAC, PBAC, policy-as-code (OPA, Cedar)
Encryption: Symmetric (AES-256), asymmetric (RSA, ECC), key management lifecycle
OWASP Top 10: Injection, broken auth, XSS, IDOR, security misconfiguration, SSRF
Secure SDLC: Threat modeling (STRIDE), SAST/DAST, dependency scanning, security gates
API Security: Rate limiting, input validation, CORS, schema validation, API keys vs OAuth