Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

XML Parsing Security: XXE, Billion Laughs, and Beyond

XML's feature richness is its security weakness. XXE, entity expansion, and XSLT injection continue to plague applications that process XML.

Jan 12, 20264 min read
Application Security

Out-of-Bounds Read Vulnerabilities (CWE-125) Explained

How out-of-bounds read vulnerabilities (CWE-125) leak memory instead of crashing programs, why Heartbleed and Cloudbleed happened, and how to catch them in your dependencies.

Nov 12, 20257 min read
Application Security

Out-of-Bounds Write Vulnerabilities (CWE-787) Explained

CWE-787 out-of-bounds write bugs let attackers corrupt memory past a buffer's limit, causing crashes or code execution. Here's how they work.

Nov 12, 20258 min read
Application Security

Improper Restriction of Operations Within Memory Bounds

CWE-119 has topped MITRE's vulnerability rankings for years, from Heartbleed to WannaCry to the 2023 libwebp zero-day. Here's why it persists and how to catch it early.

Nov 11, 20257 min read
Application Security

Integer Overflow and Wraparound Vulnerabilities

A single wrapped integer minted 184B bitcoin, grounded 787s, and erased $900M from a crypto token. Here's how overflow bugs work—and how Safeguard catches them first.

Nov 11, 20258 min read
Application Security

Double-Free Vulnerabilities in C and C++

Double-free bugs let attackers corrupt heap memory and hijack control flow. Here's how they happen in C/C++, real CVEs, and how to catch them early.

Nov 11, 20258 min read
Application Security

Memory Leak Vulnerabilities: Causes and Detection

Memory leaks aren't just a performance bug — from Heartbleed to Samba's CVE-2018-16851, they're a documented attack surface. Here's how they're caused, scored, and detected.

Nov 11, 20257 min read
Application Security

Null Pointer Dereference Vulnerabilities

A single unchecked pointer can crash a server. Here's what null pointer dereference vulnerabilities are, real CVEs like OpenSSL's, and how to catch them.

Nov 10, 20257 min read
Application Security

Uncaught Exception Security Risks

An uncaught exception isn't just a crash: it caused the Equifax breach and Log4j outages. See how exception-handling bugs become real security incidents.

Nov 10, 20257 min read
Application Security

Insufficient Encapsulation Vulnerabilities

An insufficient encapsulation vulnerability (CWE-485) exposes internal state to untrusted code. See how it drove real CVEs in Velocity, Lodash, and BeanUtils.

Nov 10, 20257 min read
Application Security

Generation of Predictable Numbers or Identifiers

From Debian's 2008 OpenSSL bug to First American's 885-million-record leak, predictable identifiers keep breaking security. Here's how the vulnerability works and how to stop it.

Nov 10, 20257 min read
Application Security

Best penetration testing platforms and services

A practical, no-hype comparison of penetration testing platforms and pentest-as-a-service vendors — what to evaluate, six real providers reviewed, and where supply chain risk fits in.

Nov 6, 20257 min read
Application Security (Page 31) — Supply Chain Security Blog | Safeguard