
Security

AI Security: Prompt Injection, Jailbreaks, and Guardrails

Deep Dive · May 24, 2026 · 18 min read
The OWASP LLM Top 10 exists because shipping an LLM to production without a security model is a new category of risk that the existing web application security playbook doesn’t fully cover. Prompt injection has held the #1 spot on that list since the first version was published, and it’s not there because researchers think it might be a problem someday. It’s been demonstrated against production systems at companies that knew what they were doing.

Production Readiness: Auth, RBAC, and Deployment

Deep Dive · Apr 12, 2026 · 12 min read
Revised, split, and expanded — The two halves of this article are now separate chapters in the MAF v1: Python and .NET series: the auth + hardening half is covered by MAF v1 — 20c production hardening (with the password reset, refresh-token rotation, and graceful secret rotation that the original missed), and the deployment half is covered by MAF v1 — 25 deployment (with the .NET twin Dockerfile and a dev.sh that polls instead of sleeping). The architecture below is still the canonical reference for the combined story.

Build Custom MCP Catalogs with Docker: Enterprise Control for AI Tooling

Quick Takes · Oct 24, 2025 · 5 min read
Docker has introduced comprehensive MCP (Model Context Protocol) tooling that enables organizations to build custom catalogs with complete control over AI tool access. With 220+ containerized MCP servers available and the ability to create private catalogs, enterprises can now deploy AI tooling with appropriate security guardrails.

Handling Authorization and Role-Based Access Control (RBAC)

Deep Dive · Dec 1, 2024 · 19 min read
Role-Based Access Control (RBAC) is a critical component of secure application design that restricts access to resources based on user roles and permissions. This article explores how the Contact Management Application implements a flexible and maintainable RBAC system that covers both the backend API and frontend Angular application, integrating with JWT authentication to secure endpoints and UI elements while maintaining the separation of concerns that Clean Architecture demands.