Vulnerability Guides
In-depth guides and analysis on vulnerability guides from the Safeguard engineering team.
20 articles
Mass Assignment Vulnerability: How to Prevent It
Mass assignment lets attackers set fields you never meant to expose — like isAdmin or accountBalance — by adding them to a request body. Here is the fix.
YAML Injection: How It Happens and How to Prevent It
YAML looks like a harmless config format, but the wrong parser call turns a config file into a code-execution engine. Here's how YAML deserialization attacks work and how to parse safely.
What is Insecure Deserialization? A Developer's Guide
Insecure deserialization turns a trusted data-loading routine into a remote code execution primitive. Learn how gadget chains work and how to deserialize untrusted data safely.
What Is SSTI (Server-Side Template Injection)?
SSTI happens when user input is compiled as template code instead of rendered as data, often leading straight to remote code execution. Here is how to prevent it.
What Is XXE (XML External Entity Injection)?
XXE abuses an XML parser's ability to load external entities to read local files, reach internal services, or knock a server offline. Here is how to stop it.
Cross-Site Scripting (XSS): A Prevention Guide
XSS lets an attacker run their JavaScript in your users' browsers — stealing sessions, rewriting pages, and pivoting to account takeover. This guide covers the three XSS types and the defenses that actually hold.
What Is IDOR (Insecure Direct Object Reference)?
IDOR lets an attacker swap an ID in a request and read or change data that belongs to someone else. Here is how it works and how to shut it down.
What is SSRF (Server-Side Request Forgery)?
Server-side request forgery tricks your own backend into making attacker-chosen requests — often against internal systems it should never reach. Here's how SSRF works and how to shut it down.