Digital Garden
OWASP API Advanced Controls
Initializing search
serhiismetanskyi/digital-garden
Digital Garden
serhiismetanskyi/digital-garden
Home
About
Architecture & Design
Architecture & Design
API Architectures
API Architectures
REST
REST
REST: Architecture and HTTP Layer
REST: Data Schema and Validation
REST: Querying Layer
REST: Caching, Concurrency and Idempotency
REST: Error Model, Security and Versioning
REST: Testing Plan and Risks
REST API: Code Examples (Python + Pydantic + Playwright)
GraphQL
GraphQL
GraphQL: Schema, Architecture and Execution Model
GraphQL: Queries, Performance and Caching
GraphQL: Testing Plan and Risks
GraphQL: Code Examples (Python + Pydantic + Playwright)
GraphQL: APQ and Safelisting Rollout
gRPC
gRPC
gRPC: Contract Layer, Transport and Serialization
gRPC: Communication Patterns, Code Generation and Error Model
gRPC: Testing Plan and Risks
gRPC: Code Examples (Python + Pydantic + Playwright)
gRPC: Retry and Hedging Policy
WebSocket
WebSocket
WebSocket: Protocol, Communication and Messages
WebSocket: State Management, Scaling and Backpressure
WebSocket: Testing Plan and Risks
WebSocket: Code Examples (Python + Pydantic + Playwright)
WebSocket: Reliability Pattern
Cross Cutting
Cross Cutting
Cross-Cutting: Security and Observability
Cross-Cutting: Performance, Scalability and Reliability
Cross-Cutting: SLO, Error Budget, Incident Playbook
Decision Factors
Decision Factors
API Architecture: Decision Factors and Comparison Guide
Client–Server Architecture
Client–Server Architecture
Core Model
Core Model
Client-Server Architecture: Core Model
Client-Server: API Architectures Overview
Edge Layer
Edge Layer
Edge Layer: CDN and Load Balancers
Edge Layer: Reverse Proxy, Forward Proxy, API Gateway, WAF
Traffic Service Mesh
Traffic Service Mesh
Traffic Management
Service Layer and Service Mesh
Connections Backpressure
Connections Backpressure
Connection Management
Backpressure and Flow Control
Client Scalability Performance
Client Scalability Performance
Client Architecture
Scalability
Performance
Reliability Security Observability
Reliability Security Observability
Reliability
Security
Observability
Testing Risks Patterns
Testing Risks Patterns
Testing
Risks, Limitations, and Anti-Patterns
Real-World Patterns and Decision Factors
Software Design Patterns and Principles
Software Design Patterns and Principles
Design Principles
Design Principles
OOP — Fundamentals
Design Principles: SOLID
Design Principles: Beyond SOLID
Clean Code
Code Quality Tools
Creational Patterns
Creational Patterns
Creational Patterns
Structural Patterns
Structural Patterns
Structural Patterns: Adapter, Decorator, Facade
Structural Patterns: Proxy, Composite, Bridge, Flyweight
Behavioral Patterns
Behavioral Patterns
Behavioral Patterns: Strategy, Observer, Command
Behavioral Patterns: Chain of Responsibility, State, Mediator
Behavioral Patterns: Iterator, Template Method, Visitor
Composition Architectural
Composition Architectural
Composition and Advanced Structuring Patterns
Architectural Patterns: Layered, Clean, Hexagonal
Architectural Patterns: Microservices, Event-Driven, Isomorphic
Queues vs Streams: Message Delivery, Ordering & Reliability
Frontend Cross Layer
Frontend Cross Layer
View Layer Patterns
Cross-Layer Design Patterns
Decisions Testing Production
Decisions Testing Production
Pattern Comparison and Testing Strategies
Anti-Patterns, Real-World Usage, Heuristics, and Decision Factors
Microservice Production Readiness Checklist
Agentic AI Architecture
Agentic AI Architecture
Agentic AI — Fundamentals & Core Components
Multi-Agent Architecture Patterns
Memory & Retrieval-Augmented Generation (RAG)
Tool Integration & Prompt Engineering
LLM Configuration, Model Selection & Security
Testing, Evaluation & Observability
Agentic Search & Context Engineering (2025+)
Vectorless RAG
AI Skills for Coding Agents
AI Skills for Coding Agents
What Is a Skill
How Agents Load Skills
Skill Packaging
Orchestration & Workflows
Evaluation & Security
Cross-Agent Compatibility
Claude Code Best Practices
Claude Code Hooks & Agents
Claude Code Workflow Patterns
Claude Code Advanced Config
Model Context Protocol (MCP)
AGENTS.md Standard
SKILL.md Playground
AGENTS.md Playground
Claude Code Project Structure
Security
Security
Code Security
Code Security
Secrets & Leak Prevention
Dependency Security
Code Analysis & Secure Review
Auth, Config & Security Headers
CI/CD & Monitoring
Security Audit Checklist
OWASP API Security
OWASP API Security
OWASP API Security: Recommendations and Best Practices
OWASP API Security Testing Checklist
OWASP API Advanced Controls
OWASP LLM Security
OWASP LLM Security
OWASP LLM Security Guide (2026)
OWASP LLM Security Testing Checklist (2026)
QA & Testing
QA & Testing
QA & Testing Methodology
QA & Testing Methodology
QA & Testing Fundamentals, Levels & Types
Test Design Techniques, Test Case Design & Test Planning
Test Execution, Defect Management & Environments
Test Automation, SDLC, Agile & Risk-Based Testing
Metrics, Documentation, Best Practices & QA Roles
TDD, BDD & ATDD
Release Quality Gates, Flaky Tests & Templates
Shift-Right Testing, SLO/Error Budget & AI-Assisted QA (2026)
Exploratory Testing & Session-Based Test Management
Requirements Quality & Testability
Defect Triage, Root Cause Analysis & CAPA
Coverage Strategy
Test Estimation & Effort Planning
Domain-Specific QA
Shift-Left Testing
Test Design Techniques
Test Design Techniques
Input Based
Input Based
Equivalence Partitioning
Boundary Value Analysis
Pairwise Testing
Logic State Based
Logic State Based
Decision Table Testing
State Transition Testing
Experience Based
Experience Based
CRUD Testing
Metamorphic Testing
Fuzz & Random Testing
Test Design Patterns in Test Automation
Test Design Patterns in Test Automation
Fundamentals
Fundamentals
Test Types and Levels
Test Pyramid, Trophy and Core Principles
Test Architecture
Core Patterns
Core Patterns
Page Object Model (POM)
Screenplay Pattern
Test Data Builder
Fixture Pattern and Factory Pattern
Advanced Patterns
Advanced Patterns
Wrapper / Abstraction Layer and Fluent Interface Pattern
Assertion Pattern, Test Template Pattern, Data-Driven Pattern
API Test Patterns
API Test Patterns
API Test Patterns: REST and GraphQL
API Test Patterns: gRPC and WebSocket
Data Mocking Env
Data Mocking Env
Test Data Management
Mocking and Stubbing
Test Environment Design
Execution Reliability
Execution Reliability
Test Execution Strategies
Test Reliability and Flakiness
Performance Testing and Observability in Tests
Decisions Production
Decisions Production
CI/CD Integration and Security Testing
Test Anti-Patterns and Risks
Real-World Test Architectures, Decision Factors, and Heuristics
Testing Pyramid
Testing Pyramid
Unit Tests
Unit Tests
Unit Tests — Concept & Examples
Unit Tests — Common Mistakes
Integration Tests
Integration Tests
Integration Tests — Concept & Examples
Integration Tests — Common Mistakes
E2E Tests
E2E Tests
E2E Tests — Concept & Examples
E2E Tests — Common Mistakes
Pyramid Strategy
Pyramid Strategy
Pyramid Shape, Anti-Patterns & Alternatives
Test Automation Framework
Test Automation Framework
Architecture
Architecture
Framework Goals & Core Principles
Framework Architecture — Layers & Responsibilities
Framework Directory Structure
Design Patterns
Design Patterns
UI Test Design Patterns
API & Data Test Design Patterns
Advanced Framework Patterns
Test Data
Test Data
Test Data Strategies & Isolation
Builders, Factories & DB Seeding
API Testing
API Testing
API Testing — REST & GraphQL
API Testing — gRPC & WebSocket
UI Testing
UI Testing
UI Testing — Tools & Patterns
UI Testing — Wait Strategies, Retry & Selector Abstraction
Execution Reliability
Execution Reliability
Test Execution — Parallel & Test Organisation
Reliability & Flakiness
Mocking & Test Isolation
Config CI/CD Decisions
Config CI/CD Decisions
Configuration Management
Logging, Reporting & Observability
CI/CD Integration
Performance Testing Support & Security Testing
Framework Extensibility & Anti-Patterns
Risks, Real-World Patterns & Decision Heuristics
Robot Framework
Robot Framework
Fundamentals
Fundamentals
Core Syntax & Test Structure
Keywords & Variables
Libraries & Extensibility
Architecture
Architecture
Layered Architecture
Keyword Design Principles
Test Data Management
API Testing
API Testing
API Testing Architecture & Patterns
Request Design & Validation Strategy
API Testing — Step by Step
Practical — Full API Framework
UI Testing
UI Testing
Page Object Pattern & Locators
Wait Strategies & Flakiness Control
UI Testing — Step by Step
Practical — Full UI Framework
Execution & Reliability
Execution & Reliability
Parallel Execution with Pabot
Error Handling & Retry Patterns
Setup, Teardown & Test Organization
Infrastructure
Infrastructure
Configuration & Secrets Management
Logging, Debugging & Reporting
CI/CD Integration
Decisions & Production
Decisions & Production
Scalability & Maintainability
Anti-Patterns, Risks & Limitations
Maturity Model & Engineering Heuristics
DeepEval — LLM Testing Guide
DeepEval — LLM Testing Guide
DeepEval Testing Guide for QA Engineers
Metrics
Metrics
DeepEval Guide — Part 2: RAG Metrics
DeepEval Guide — Part 3: LLM Output Quality Metrics
DeepEval Guide — Part 4: AI Agent Metrics
DeepEval Guide — Part 5: Chatbot Metrics
DeepEval Guide — Part 6: MCP (Model Context Protocol) Metrics
DeepEval Guide — Part 7: Extra Metrics and Advanced Patterns
DeepEval Guide — Part 8: Multimodal (Image) Metrics
Testing
Testing
DeepEval Guide — Part 9: Red Teaming LLM Applications
DeepEval Guide — Part 10: Custom LLMs and Embedding Models
DeepEval Guide — Part 11: Building Custom Metrics
DeepEval Guide — Part 12: Testing Workflows
DeepEval Guide — Part 13: LLM Benchmarks
DeepEval Guide — Part 14b: Conversational RAG Evaluation
Practical
Practical
DeepEval Guide — Part 14: Practical RAG Testing
DeepEval Guide — Part 15: RAG Diagnostic Testing
DeepEval Guide — Part 16: Datasets and Goldens
DeepEval Guide — Part 17: Prompts & Prompt Optimization
DeepEval Guide — Part 18: Evaluation Configs, Flags & Reference
DeepEval Guide — Part 19: Reference Appendix
DeepEval Guide — Part 20: End-to-End Complex Tests
Performance Testing
Performance Testing
Fundamentals Metrics
Fundamentals Metrics
Performance Testing — Goals & Types
Core Metrics
Metric Relationships
Locust
Locust
Locust — Architecture & Basics
Load Modeling
Test Design in Locust
Metrics Analysis in Locust
Advanced Locust Usage
Bottlenecks Monitoring
Bottlenecks Monitoring
Performance Bottlenecks
Monitoring & Observability
Execution Results
Execution Results
SLA / SLO
Test Execution Strategy
Interpreting Results
Pitfalls, Real-World Scenarios & Heuristics
Python Guide
Python Guide
Setup & Fundamentals
Setup & Fundamentals
Environment Setup
Data Types & Variables
Control Flow & Loops
Data Structures
Functions & Modules
OOP & Error Handling
OOP & Error Handling
Classes & Objects
Inheritance & Composition
Exceptions & Logging
Files & Data Formats
Testing with pytest
Testing with pytest
Testing Fundamentals
pytest Basics
Fixtures & Parametrize
Test Architecture
Assertions & Mocking
Automation
Automation
API Testing
UI Automation
Test Design Patterns
Code Quality & CI/CD
Code Quality & CI/CD
Code Quality Tools
Dependency Management
CI/CD Integration
Advanced Topics
Advanced Topics
Decorators & Generators
Context Managers & Async
Performance & Optimization
Best Practices
Best Practices
Security
Common Pitfalls
Interview Readiness
Recommended Stack
Further Learning
Jenkins Guide
Jenkins Guide
Fundamentals
Fundamentals
What Is a Jenkinsfile
Declarative vs Scripted
Declarative Syntax
Declarative Syntax
Pipeline, Agent & Options
Stages & Steps
Post, Triggers & Tools
Advanced Features
Advanced Features
Parameters & Environment
When Conditions & Parallel
Shared Libraries
Patterns & Best Practices
Patterns & Best Practices
Security & Performance
Real-World Templates
Infrastructure & Tools
Infrastructure & Tools
CI/CD
CI/CD
Fundamentals
Fundamentals
CI/CD — Concepts & Goals
Pipeline Architecture
Build Artifacts
Build Artifacts
Build Stage
Artifact Management
Testing
Testing
Testing in CI/CD — Layers & Strategy
Quality Gates
Deployment
Deployment
Deployment Strategies
Infrastructure & Infrastructure as Code
Environment Management
Security Observability
Security Observability
Security in CI/CD
Pipeline Observability
Pipeline Performance & Optimisation
Release Production
Release Production
Release Management
Rollback Strategies
Testing in Production
Patterns Decisions
Patterns Decisions
Advanced CI/CD Patterns
Failure Handling in CI/CD
Anti-Patterns & Risks
Real-World Architectures, Heuristics & Decision Factors
Databases
Databases
PostgreSQL
PostgreSQL
PostgreSQL — Commands & psql
PostgreSQL — Schema & Data Types
PostgreSQL — Queries & Performance
PostgreSQL — Admin & Operations
PostgreSQL — Basic Query Commands
Tools
Tools
Docker & Docker Compose
Docker & Docker Compose
Docker — Commands & Fundamentals
Docker — Dockerfile Best Practices
Docker — Docker Compose
Docker — Networking & Volumes
Docker — Security & Production
Docker — Debugging & Troubleshooting
Git
Git
Git — Commands & Fundamentals
Git — Branching Strategies
Git — Commit Conventions & PR Practices
Git — Advanced Workflows
Git — Hooks & Configuration
Git — Troubleshooting & Recovery
Linux Terminal
Linux Terminal
Navigation, Files & Shell Basics
Search, Pipes & Text Processing
Processes & System Monitoring
Network Basics
Administration & Scripting Basics
Kubernetes
Kubernetes
kubectl Fundamentals
Workloads & Scheduling
Services & Networking
Configuration & Storage
Helm & Deployment Strategies
Security & Observability
Python Libraries
Python Libraries
Code Quality
Code Quality
Ruff — Linting & Formatting
Static Analysis — mypy, Pyright, wemake-python-styleguide
Pre-Commit Hooks
Test Coverage — Measurement, Enforcement, Mutation Testing
Config Template — pyproject.toml + Pre-Commit
FastAPI
FastAPI
FastAPI — App & Routing
FastAPI — Dependencies & Middleware
FastAPI — Database Integration
FastAPI — Auth & Security
FastAPI — Testing
FastAPI — Production Patterns
FastAPI — ASGI, Uvicorn, Starlette
HTTPX
HTTPX
HTTPX — Fundamentals
HTTPX — Async Patterns
HTTPX — Advanced Configuration
LangChain
LangChain
LangChain — Models, Prompts & Parsers
LangChain — LCEL & Chains
LangChain — RAG & Retrieval
LangChain — Agents & Tools
LangChain — Memory & State
LangChain — LangGraph & Production
LangChain — Security, Evaluation & Operations
LangChain — Practical Playbooks
Playwright
Playwright
Playwright — UI Testing
Playwright — API Testing
Playwright — Page Object Model
Playwright — Advanced Patterns
Playwright — UI Practical Playbook
Playwright — API Practical Playbook
Pydantic
Pydantic
Pydantic — Models & Fields
Pydantic — Validators & Serialization
Pydantic — Advanced Patterns
Pydantic — Config & Performance
Pytest
Pytest
Core Guides
Core Guides
Pytest — Fundamentals
Pytest — Advanced Patterns & Best Practices
Practical Playbooks
Practical Playbooks
Pytest Playbook — Real-World Recipes
Pytest Playbook — Test Data Factories
Pytest Playbook — Flakiness Debugging
Pytest Playbook — Config Template
Requests
Requests
Requests — Fundamentals & Methods
Requests — Advanced Patterns & Best Practices
SQLAlchemy
SQLAlchemy
SQLAlchemy — Engine & Models
SQLAlchemy — Relationships & Queries
SQLAlchemy — Sessions & Transactions
SQLAlchemy — Async Patterns
SQLAlchemy — Alembic Migrations
SQLAlchemy — Advanced Recipes
uv
uv
uv — Projects & Dependencies
uv — Scripts & Tools
uv — Python & Environments
uv — Workspaces & Docker
uv — Build & Publish
Home
Security
OWASP API Security
OWASP API Advanced Controls
Back to top