Safeguard
Topic

Industry Analysis

In-depth guides and analysis on industry analysis from the Safeguard engineering team.

294 articles

Industry Analysis

Analysis of documented WebAssembly sandbox escape vulnera...

Real documented WASM sandbox escape cases in Wasmtime and Wasmer, covering affected versions, severity, disclosure timelines, and how to remediate.

Dec 10, 20259 min read
Industry Analysis

How the WASI security model constrains system access for ...

WASI's capability model gives Wasm modules only the exact files, sockets, and resources they're explicitly granted—but misconfiguration and runtime bugs still leave real gaps to close.

Dec 10, 20257 min read
Industry Analysis

Practical steps to secure third-party WebAssembly plugins...

A step-by-step guide to securing third-party WebAssembly plugins in production: sandboxing, capability restriction, resource limits, provenance checks, and runtime monitoring.

Dec 10, 20258 min read
Industry Analysis

Security considerations for running WebAssembly at the ed...

Wasm's sandbox is safe by default, not safe by construction. Here's where edge WebAssembly security breaks down -- in browsers, at the edge, and in the build pipeline.

Dec 10, 20257 min read
Industry Analysis

Best SLSA-compliant build systems

A fair comparison of SLSA compliant build systems—GitHub Actions, Cloud Build, GitLab, Tekton Chains—with real strengths and limitations for Build Level 3.

Nov 18, 20258 min read
Industry Analysis

NoSQL Injection Attack Techniques

NoSQL injection lets attackers bypass logins and hijack MongoDB/CouchDB apps using operators like $ne and $where. Here's how it works and how to stop it.

Nov 9, 20258 min read
Industry Analysis

XPath Injection Vulnerabilities

XPath injection lets attackers rewrite XML queries to bypass logins and steal data. Here is how it works, real incidents, and how Safeguard defends against it.

Nov 9, 20258 min read
Industry Analysis

Object Injection Vulnerabilities in PHP and Node.js

PHP's unserialize() and Node's insecure deserialization both let attackers forge objects and execute code. Here's how object injection works and how to stop it.

Nov 9, 20257 min read
Industry Analysis

Expression Language Injection (ELI) in Java Applications

Expression language injection in Java has powered some of the decade's worst breaches, from Equifax to Confluence. Here's how OGNL and SpEL flaws actually get exploited.

Nov 8, 20257 min read
Industry Analysis

DOM-Based XSS: Client-Side Sink Vulnerabilities

DOM-based XSS sink vulnerabilities let attacker data reach dangerous JavaScript sinks without touching the server, slipping past WAFs and static scanners.

Nov 8, 20258 min read
Industry Analysis

Prototype Pollution in JavaScript Applications

Prototype pollution has hit lodash, jQuery, and minimist with real CVEs, from DoS to RCE. Here's how the bug works and how Safeguard catches it before it ships.

Nov 8, 20257 min read
Industry Analysis

ReDoS: Regular Expression Denial of Service Attacks

ReDoS took down Cloudflare's global network for 27 minutes in 2019 and Stack Overflow in 2016. Here's how one bad regex causes an outage, and how to catch it first.

Nov 8, 20258 min read
Industry Analysis (Page 13) — Supply Chain Security Blog | Safeguard