Safeguard
Topic

Industry Analysis

In-depth guides and analysis on industry analysis from the Safeguard engineering team.

294 articles

Industry Analysis

CORS Misconfiguration Vulnerabilities

CORS misconfiguration vulnerabilities let attackers steal authenticated API data with a single reflected Origin header. Here's how they happen and how to catch them before release.

Nov 4, 20256 min read
Industry Analysis

Weak Password Recovery Mechanisms

From Sarah Palin's 2008 Yahoo hack to the 2014 iCloud photo leak, weak password recovery flows keep giving attackers account takeover without a password.

Nov 1, 20257 min read
Industry Analysis

Session Persistence Security Risks

CircleCI, Okta, Sourcegraph, and Codecov were all breached the same way: a session token outlived the trust that created it. Here's how session persistence becomes a supply chain risk.

Nov 1, 20258 min read
Industry Analysis

Multi-Factor Authentication Bypass via Privilege Escalation

Attackers increasingly skip cracking MFA altogether — they escalate privileges around it. Real cases from Microsoft, Uber, and SolarWinds show how, and what actually stops it.

Nov 1, 20257 min read
Industry Analysis

Personal Access Token Security Best Practices

Leaked personal access tokens have driven major supply chain breaches. Here's why PATs are risky, real incidents, and how scoping, rotation, and detection fix it.

Nov 1, 20256 min read
Industry Analysis

Hardcoded Secrets in Source Code: Detection and Remediation

Hardcoded secrets in source code caused breaches at Toyota, Uber, and Samsung. Here's why developers keep doing it, how attackers exploit it, and how to fix it.

Oct 31, 20258 min read
Industry Analysis

Insecure Hash Algorithm Usage in Application Code

MD5 and SHA-1 collisions were proven broken decades ago, yet they still power passwords, checksums, and signatures in production code today. Here's why—and how to find them.

Oct 31, 20257 min read
Industry Analysis

Insecure Randomness in Security-Sensitive Code

A single deleted line broke Debian's OpenSSL keys for two years. We break down real insecure randomness vulnerabilities and how Safeguard catches weak PRNGs before attackers do.

Oct 31, 20257 min read
Industry Analysis

Missing Encryption of Sensitive Data

Missing encryption of sensitive data (CWE-311) drove breaches from Equifax to CVS Health. Here's how it happens across the software supply chain and how to catch it early.

Oct 31, 20257 min read
Industry Analysis

Cleartext Sensitive Information in Cookies

Cleartext sensitive data in cookies (CWE-315) quietly enables account takeover and IDOR. Here's how it happens, why it survives review, and how Safeguard catches it.

Oct 30, 20257 min read
Industry Analysis

Unrestricted File Upload Vulnerabilities

Unrestricted file upload flaws let attackers turn a simple upload form into remote code execution. Here's how real-world CVEs happened, and how to prevent them.

Oct 30, 20257 min read
Industry Analysis

Insecure Temporary File Creation

Insecure temp file creation (CWE-377) still causes real CVEs today — from JUnit4 to npm's tmp package. Here's how the race condition works and how to stop it.

Oct 30, 20257 min read
Industry Analysis (Page 15) — Supply Chain Security Blog | Safeguard