Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
XML signature wrapping attacks explained
XML signature wrapping lets attackers forge signed SOAP and SAML messages without breaking the signature. Here's how the attack works and how to stop it.
SSRF via webhooks explained
Webhook SSRF turns a trusted callback feature into an internal network foothold. Here is how the attack works, real incidents, and how to actually fix it.
Kubernetes RBAC misconfiguration explained
RBAC misconfigurations like wildcard rules and default service account bindings have powered real cluster takeovers, from CVE-2018-1002105 to Siloscape.
Secrets leakage in Docker images explained
How credentials get baked into Docker image layers, real incidents that exposed them, and how to detect and stop secrets leakage in container images.
Terraform infrastructure-as-code misconfiguration explained
Terraform misconfigurations — not zero-days — cause most cloud breaches. Here's how they happen, real incidents they caused, and how to catch them pre-deploy.
Cloud IAM privilege escalation paths explained
A breakdown of how cloud IAM privilege escalation paths work across AWS, GCP, and Azure, with real permission chains and breach examples.
S3 bucket misconfiguration vulnerabilities explained
S3 misconfigurations have exposed hundreds of millions of records in breaches from Deep Root Analytics to Capital One. Here's how they happen and how to catch them.
Prompt injection vulnerabilities in LLM applications explained
Prompt injection is OWASP's #1 LLM risk. See real CVEs like Vanna.AI's RCE flaw and how to detect and stop it.
Python Pickle deserialization risk explained
Pickle deserialization lets attacker-controlled data execute arbitrary code on load. Here's how the exploit works, real CVEs, and how to fix it.
Java deserialization gadget chains explained
Java deserialization gadget chains turn trusted classpath libraries into RCE. Learn how they work, key CVEs like CVE-2015-4852, and how to detect them.
Regular expression injection explained
Regex injection lets attackers rewrite pattern logic or trigger ReDoS. See real CVEs, exploit examples, and how to detect and fix it in your code.
Argument injection vulnerabilities explained
How argument injection (CWE-88) vulnerabilities work, real CVEs like PHPMailer and Git ssh URLs, and how teams detect and prevent CWE-88 flaws.