Security — Overview#
Security is not the main topic at SDE-2. It's a supporting concern. Know enough to mention it confidently, not enough to get lost in it.
In a Google L4 system design interview, security comes up as a follow-up or as part of your NFRs. The interviewer wants to know you're aware of it — not that you can design an auth system from scratch. Cover auth flow, encryption, rate limiting, and input validation. Don't deep dive unless pushed.
Files in this folder#
| File | Topic |
|---|---|
| 01-Authentication-and-JWT.md | Authn vs authz, JWT internals, access + refresh token flow, cookies vs bearer |
| 02-Encryption.md | Encryption in transit vs at rest — TLS and AES-256 |
| 03-Interview-Cheatsheet.md | Rate limiting, input validation, CORS, what to say out loud |