The Security Architecture Site
Security Architecture Guidelines and Best Practices
Application Security
Advanced Web Application Firewall
Covers advanced bot protection using TLS/HTTP fingerprinting and behavioural analysis, account takeover detection and response, and client-side protection including CSP, SRI, Trusted Types, and page integrity monitoring.
Web Application Firewall
Covers WAF deployment modes, negative and positive security models, OWASP CRS, tuning methodology, bypass techniques, origin protection, rate limiting, and DevSecOps integration.
Web Server Hardening
Covers web server hardening for Nginx and Apache including TLS configuration, HTTP security headers, Content Security Policy, method restrictions, directory listing, request limits, rate limiting, error handling, and logging.
Cryptography
Encryption
A comprehensive guide to encryption principles, algorithms, key management, and best practices for security architects.
SSL/TLS Certificates
Covers certificate validation levels, dedicated vs wildcard vs multi-domain SAN certificates, when to use each, lifecycle management, private key security, revocation, and internal PKI.
Data Security
Endpoint Security
Windows Server Hardening
A comprehensive guide to hardening Windows Server installations covering minimal install, account security, network protocol hardening, credential protection, audit logging, and domain controller-specific controls.
Windows Workstation Hardening
A layered approach to hardening Windows workstations covering BitLocker, Credential Guard, application control, and audit logging.