Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
How to prevent log injection vulnerabilities in Node.js
Log injection lets attackers forge log entries in Node.js apps via unsanitized input. Learn the sanitization, encoding, and structured-logging fixes that stop it.
Preventing open redirect vulnerabilities
Open redirect flaws turn trusted domains into phishing and OAuth-token-theft infrastructure. Here's how they work, how to find them, and how to fix them for good.
Preventing XML external entity (XXE) injection
XXE injection lets attackers read local files, trigger SSRF, or crash servers via XML parsers. Here is how it works and how to shut it down for good.
Python security best practices cheat sheet
A no-fluff cheat sheet of concrete Python security fixes—dependency pinning, pickle/eval risks, PyPI trust signals, and CI gates—with real CVEs and commands.
Software Composition Analysis (SCA) explained: how it fin...
SCA scans your dependency tree against CVE databases to catch vulnerable open-source packages like Log4Shell before they reach production.
10 Java security best practices
10 Java security best practices security teams should enforce across dependency management, deserialization, injection, secrets, and build pipelines.
Go security cheat sheet for developers
A practical Go security cheat sheet: the real vulnerability classes, must-patch stdlib CVEs, and dependency scanning tactics developers need to know.
PHP security best practices guide
A practical PHP security best practices guide covering SQL injection, deserialization RCE, upload hardening, dependency risk, and real exploited CVEs like CVE-2024-4577.
Better Ruby Gemfile security: a step-by-step guide
A step-by-step guide to auditing your Gemfile.lock, spotting RubyGems supply chain attacks, and locking down Ruby dependencies before they ship.
10 React security best practices
Real CVEs, real npm supply chain hijacks, and the concrete React practices — from CSP to token storage — that actually stop them.
6 Angular security best practices cheat sheet
A six-part cheat sheet on Angular security: sanitizer limits, AngularJS EOL, dependency risk, token storage, CSP nonces, and library auditing.
Comparing React and Angular secure coding practices
React auto-escapes JSX but not URLs; Angular sanitizes by context but allows explicit bypasses. Here's where each framework's XSS defenses actually stop.