Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

XML signature wrapping attacks explained

XML signature wrapping lets attackers forge signed SOAP and SAML messages without breaking the signature. Here's how the attack works and how to stop it.

Dec 4, 20257 min read
Vulnerability Analysis

SSRF via webhooks explained

Webhook SSRF turns a trusted callback feature into an internal network foothold. Here is how the attack works, real incidents, and how to actually fix it.

Dec 4, 20257 min read
Vulnerability Analysis

Kubernetes RBAC misconfiguration explained

RBAC misconfigurations like wildcard rules and default service account bindings have powered real cluster takeovers, from CVE-2018-1002105 to Siloscape.

Dec 4, 20256 min read
Vulnerability Analysis

Secrets leakage in Docker images explained

How credentials get baked into Docker image layers, real incidents that exposed them, and how to detect and stop secrets leakage in container images.

Dec 3, 20257 min read
Vulnerability Analysis

Terraform infrastructure-as-code misconfiguration explained

Terraform misconfigurations — not zero-days — cause most cloud breaches. Here's how they happen, real incidents they caused, and how to catch them pre-deploy.

Dec 3, 20257 min read
Vulnerability Analysis

Cloud IAM privilege escalation paths explained

A breakdown of how cloud IAM privilege escalation paths work across AWS, GCP, and Azure, with real permission chains and breach examples.

Dec 3, 20257 min read
Vulnerability Analysis

S3 bucket misconfiguration vulnerabilities explained

S3 misconfigurations have exposed hundreds of millions of records in breaches from Deep Root Analytics to Capital One. Here's how they happen and how to catch them.

Dec 3, 20256 min read
Vulnerability Analysis

Prompt injection vulnerabilities in LLM applications explained

Prompt injection is OWASP's #1 LLM risk. See real CVEs like Vanna.AI's RCE flaw and how to detect and stop it.

Dec 2, 20257 min read
Vulnerability Analysis

Python Pickle deserialization risk explained

Pickle deserialization lets attacker-controlled data execute arbitrary code on load. Here's how the exploit works, real CVEs, and how to fix it.

Dec 2, 20257 min read
Vulnerability Analysis

Java deserialization gadget chains explained

Java deserialization gadget chains turn trusted classpath libraries into RCE. Learn how they work, key CVEs like CVE-2015-4852, and how to detect them.

Dec 2, 20256 min read
Vulnerability Analysis

Regular expression injection explained

Regex injection lets attackers rewrite pattern logic or trigger ReDoS. See real CVEs, exploit examples, and how to detect and fix it in your code.

Dec 2, 20257 min read
Vulnerability Analysis

Argument injection vulnerabilities explained

How argument injection (CWE-88) vulnerabilities work, real CVEs like PHPMailer and Git ssh URLs, and how teams detect and prevent CWE-88 flaws.

Dec 1, 20257 min read
Vulnerability Analysis (Page 29) — Supply Chain Security Blog | Safeguard