Safeguard
Topic

Security Guides

In-depth guides and analysis on security guides from the Safeguard engineering team.

124 articles

Security Guides

OWASP A08: Software and Data Integrity Failures — A Deep-Dive Guide

Software and Data Integrity Failures rank #8 in the OWASP Top 10 (2021). A deep dive into insecure deserialization, unsigned updates, SolarWinds, and real CVEs.

Jul 6, 20267 min read
Security Guides

REST API Security Best Practices: The OWASP API Top 10 in Practice

Most API breaches aren't exotic — they're broken object-level authorization and missing rate limits. A practical walk through the OWASP API Security Top 10.

Jul 6, 20265 min read
Security Guides

Securing Your Python Supply Chain on PyPI

Typosquats, dependency confusion, and account takeovers all target the same moment: pip install. Here is how to make that moment trustworthy.

Jul 6, 20265 min read
Security Guides

semver (npm) Security Guide (2026)

semver is the version-parsing library at the heart of npm itself — and a single ReDoS CVE in its range parser turned this universal dependency into one of the most widely flagged advisories in the JavaScript ecosystem.

Jul 6, 20266 min read
Security Guides

Spring Framework Security Guide (2026)

Spring Framework is the backbone of enterprise Java — and the source of Spring4Shell plus a steady stream of path-traversal and SSRF CVEs. Here is how to run it safely in 2026.

Jul 6, 20266 min read
Security Guides

Auditing PHP Dependencies with composer audit

Composer ships a native security auditor. Learn to run composer audit against your composer.lock, catch abandoned packages, and extend it with continuous SCA.

Jul 5, 20265 min read
Security Guides

C# Cryptography Best Practices in .NET

The right way to do cryptography in C#: authenticated encryption with AesGcm, secure randomness, PBKDF2 password hashing, constant-time comparison, and the legacy APIs to stop using.

Jul 5, 20265 min read
Security Guides

Go Concurrency Security Pitfalls: When Data Races Become Vulnerabilities

A data race isn't just a flaky test — in the wrong place it's an auth bypass, a cross-request leak, or a denial of service. Here are the Go concurrency bugs that turn into security incidents.

Jul 5, 20267 min read
Security Guides

GraphQL API Security: Introspection, Depth Limits, and Authorization

GraphQL's flexibility is its attack surface. Nested queries, introspection, and per-field authorization all fail differently than REST. Here's how to secure them.

Jul 5, 20265 min read
Security Guides

Java SQL Injection Prevention: Parameterized Queries and Beyond

SQL injection is decades old and still breaching Java apps. Here's how to prevent it with prepared statements, JPA binding, and safe dynamic queries.

Jul 5, 20265 min read
Security Guides

Log4j Security Guide (2026)

Log4j is the most widely deployed Java logging library — and the source of Log4Shell, the defining supply-chain vulnerability of the decade. Here is how to run it safely in 2026.

Jul 5, 20266 min read
Security Guides

minimist Security Guide (2026)

minimist is the tiny argument parser buried under a huge slice of the npm ecosystem — and two prototype-pollution CVEs made this 'harmless' 100-line library one of the most widely flagged transitive dependencies in JavaScript.

Jul 5, 20266 min read
Security Guides (Page 4) — Supply Chain Security Blog | Safeguard