Security Guides
In-depth guides and analysis on security guides from the Safeguard engineering team.
124 articles
Kotlin Security Best Practices: Beyond Null Safety on the JVM and Android
Null safety is a reliability win, not a security boundary. A Kotlin app inherits every JVM supply-chain CVE and the full Android attack surface — here's what the type system doesn't do for you.
Auditing Maven Dependencies with OWASP Dependency-Check
OWASP Dependency-Check is the classic way to scan Java and Maven projects against the NVD. Learn to run it, tame its false positives, and move beyond CPE matching.
NumPy Security Guide (2026)
NumPy is the numerical foundation of the Python data ecosystem — and while many of its CVEs are disputed, the pickle-based numpy.load deserialization risk is real and worth understanding.
OWASP A03: Injection Explained — A Deep-Dive Guide
Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.
OWASP A04: Insecure Design — A Deep-Dive Guide
Insecure Design is a new OWASP Top 10 (2021) category at #4. A deep dive into design flaws vs implementation bugs, threat modeling, real cases, and prevention.
Spring Security Configuration Guide: The Modern SecurityFilterChain Approach
A practical Spring Security configuration guide for 2026 using the component-based SecurityFilterChain, method security, CSRF, CORS, and password encoding.
Vue Security Best Practices: v-html, Dynamic Components, and SSR
Vue escapes mustache templates automatically, but v-html, dynamic component names, and SSR hydration open real XSS holes. Here is how to close them.
Flask Security Best Practices for 2026
Flask is minimal by design, which means the security decisions Django makes for you are decisions you own. Here is how to make them correctly.
C# Secure Coding Guide: Patterns That Prevent Real Bugs
A hands-on C# secure coding guide covering input validation, safe APIs, path traversal, injection, and the language-level patterns that keep vulnerabilities out of your code.
Django Security Best Practices for 2026
Django ships with strong defaults, but misconfigured settings, raw ORM queries, and unpinned dependencies still cause real breaches. Here is the checklist that matters.
.NET Security Best Practices for 2026
A practical .NET security playbook covering dependency risk, deserialization, secrets, cryptography, and CI/CD hardening, with the config flags and CVEs that make each control real.
Go Security Best Practices: A 2026 Field Guide for Backend Teams
Go ships secure defaults most other languages lack — but its supply chain, concurrency model, and cgo edges still leak real vulnerabilities. Here are the practices that actually move the needle.