Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

How to prevent log injection vulnerabilities in Node.js

Log injection lets attackers forge log entries in Node.js apps via unsanitized input. Learn the sanitization, encoding, and structured-logging fixes that stop it.

May 29, 20266 min read
Application Security

Preventing open redirect vulnerabilities

Open redirect flaws turn trusted domains into phishing and OAuth-token-theft infrastructure. Here's how they work, how to find them, and how to fix them for good.

May 28, 20267 min read
Application Security

Preventing XML external entity (XXE) injection

XXE injection lets attackers read local files, trigger SSRF, or crash servers via XML parsers. Here is how it works and how to shut it down for good.

May 28, 20267 min read
Application Security

Python security best practices cheat sheet

A no-fluff cheat sheet of concrete Python security fixes—dependency pinning, pickle/eval risks, PyPI trust signals, and CI gates—with real CVEs and commands.

May 28, 20261 min read
Application Security

Software Composition Analysis (SCA) explained: how it fin...

SCA scans your dependency tree against CVE databases to catch vulnerable open-source packages like Log4Shell before they reach production.

May 28, 20267 min read
Application Security

10 Java security best practices

10 Java security best practices security teams should enforce across dependency management, deserialization, injection, secrets, and build pipelines.

May 27, 20267 min read
Application Security

Go security cheat sheet for developers

A practical Go security cheat sheet: the real vulnerability classes, must-patch stdlib CVEs, and dependency scanning tactics developers need to know.

May 27, 20267 min read
Application Security

PHP security best practices guide

A practical PHP security best practices guide covering SQL injection, deserialization RCE, upload hardening, dependency risk, and real exploited CVEs like CVE-2024-4577.

May 27, 20268 min read
Application Security

Better Ruby Gemfile security: a step-by-step guide

A step-by-step guide to auditing your Gemfile.lock, spotting RubyGems supply chain attacks, and locking down Ruby dependencies before they ship.

May 27, 20267 min read
Application Security

10 React security best practices

Real CVEs, real npm supply chain hijacks, and the concrete React practices — from CSP to token storage — that actually stop them.

May 26, 20268 min read
Application Security

6 Angular security best practices cheat sheet

A six-part cheat sheet on Angular security: sanitizer limits, AngularJS EOL, dependency risk, token storage, CSP nonces, and library auditing.

May 26, 20267 min read
Application Security

Comparing React and Angular secure coding practices

React auto-escapes JSX but not URLs; Angular sanitizes by context but allows explicit bypasses. Here's where each framework's XSS defenses actually stop.

May 26, 20269 min read
Application Security (Page 17) — Supply Chain Security Blog | Safeguard