Code Security
In-depth guides and analysis on code security from the Safeguard engineering team.
5 articles
XML External Entity (XXE) Prevention: Disabling the Features That Attack You
XXE attacks exploit XML parser features that most applications never need. Here is how to disable them across every major language and framework.
Insecure Deserialization: Why Untrusted Data Should Never Become Objects
Deserialization vulnerabilities turn data into code execution. Here is how they work, which languages are most affected, and how to defend against them.
Server-Side Request Forgery (SSRF): The Vulnerability That Unlocks Cloud Metadata
SSRF lets attackers reach internal services through your application. In cloud environments, that often means access to instance metadata and IAM credentials.
Cross-Site Scripting (XSS) Prevention: Context-Aware Encoding and Modern Defenses
XSS remains a top web vulnerability because output encoding is context-dependent. Here is how to get it right across HTML, JavaScript, URL, and CSS contexts.
SQL Injection Prevention in 2022: Why It Still Happens and How to Stop It
SQL injection has been the top web vulnerability for over two decades. Modern frameworks help, but they do not make it impossible. Here is what still goes wrong.