Safeguard
Topic

Security Guides

In-depth guides and analysis on security guides from the Safeguard engineering team.

124 articles

Security Guides

Kotlin Security Best Practices: Beyond Null Safety on the JVM and Android

Null safety is a reliability win, not a security boundary. A Kotlin app inherits every JVM supply-chain CVE and the full Android attack surface — here's what the type system doesn't do for you.

Jul 2, 20266 min read
Security Guides

Auditing Maven Dependencies with OWASP Dependency-Check

OWASP Dependency-Check is the classic way to scan Java and Maven projects against the NVD. Learn to run it, tame its false positives, and move beyond CPE matching.

Jul 2, 20266 min read
Security Guides

NumPy Security Guide (2026)

NumPy is the numerical foundation of the Python data ecosystem — and while many of its CVEs are disputed, the pickle-based numpy.load deserialization risk is real and worth understanding.

Jul 2, 20266 min read
Security Guides

OWASP A03: Injection Explained — A Deep-Dive Guide

Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.

Jul 2, 20266 min read
Security Guides

OWASP A04: Insecure Design — A Deep-Dive Guide

Insecure Design is a new OWASP Top 10 (2021) category at #4. A deep dive into design flaws vs implementation bugs, threat modeling, real cases, and prevention.

Jul 2, 20267 min read
Security Guides

Spring Security Configuration Guide: The Modern SecurityFilterChain Approach

A practical Spring Security configuration guide for 2026 using the component-based SecurityFilterChain, method security, CSRF, CORS, and password encoding.

Jul 2, 20265 min read
Security Guides

Vue Security Best Practices: v-html, Dynamic Components, and SSR

Vue escapes mustache templates automatically, but v-html, dynamic component names, and SSR hydration open real XSS holes. Here is how to close them.

Jul 2, 20265 min read
Security Guides

Flask Security Best Practices for 2026

Flask is minimal by design, which means the security decisions Django makes for you are decisions you own. Here is how to make them correctly.

Jul 1, 20265 min read
Security Guides

C# Secure Coding Guide: Patterns That Prevent Real Bugs

A hands-on C# secure coding guide covering input validation, safe APIs, path traversal, injection, and the language-level patterns that keep vulnerabilities out of your code.

Jul 1, 20266 min read
Security Guides

Django Security Best Practices for 2026

Django ships with strong defaults, but misconfigured settings, raw ORM queries, and unpinned dependencies still cause real breaches. Here is the checklist that matters.

Jul 1, 20266 min read
Security Guides

.NET Security Best Practices for 2026

A practical .NET security playbook covering dependency risk, deserialization, secrets, cryptography, and CI/CD hardening, with the config flags and CVEs that make each control real.

Jul 1, 20267 min read
Security Guides

Go Security Best Practices: A 2026 Field Guide for Backend Teams

Go ships secure defaults most other languages lack — but its supply chain, concurrency model, and cgo edges still leak real vulnerabilities. Here are the practices that actually move the needle.

Jul 1, 20268 min read
Security Guides (Page 9) — Supply Chain Security Blog | Safeguard