Safeguard
Tag

api-security

Safeguard articles tagged "api-security" — guides, analysis, and best practices for software supply chain and application security.

100 articles

Application Security

How to secure a REST API

REST API breaches from T-Mobile to Optus trace to a handful of recurring mistakes. Here's how to fix authorization, auth, injection, and rate limiting.

Jun 1, 20266 min read
Application Security

Improving GraphQL security with static analysis

GraphQL's flexible query model breaks REST-era security assumptions. Here's how static analysis catches introspection leaks, DoS, and BOLA before deploy.

Apr 27, 20266 min read
Application Security

Building a secure GraphQL API with Node.js

A practical guide to securing Node.js GraphQL APIs: query complexity limits, field-level authorization, injection-safe resolvers, and CSRF hardening.

Apr 27, 20267 min read
Application Security

Microservices security: authentication between services

Service-to-service auth stops lateral movement between microservices. Learn how mTLS, OAuth2, and SPIFFE/SPIRE secure internal calls in production.

Apr 26, 20267 min read
Application Security

Preventing broken access control in Express.js applications

Express.js ships with no built-in authorization layer, making broken access control easy to introduce and hard to catch with pattern-based scanners.

Apr 17, 20267 min read
Vulnerability Analysis

What is Insecure Direct Object Reference (IDOR)

IDOR lets attackers access other users data just by changing an ID in a URL or API call. Learn how it works, real breaches, and how to fix it.

Mar 28, 20267 min read
Vulnerability Analysis

What is NoSQL Injection

NoSQL injection lets attackers bypass logins or run code using MongoDB operators like $ne and $where. See real CVEs, examples, and effective defenses.

Mar 27, 20267 min read
Vulnerability Analysis

What is a Business Logic Vulnerability

Business logic vulnerabilities exploit correct code enforcing the wrong rules. Learn what they are, real breach examples, and how to detect them.

Mar 24, 20266 min read
Cloud Security

What is Microservices Security

Microservices security means securing service-to-service auth, dependencies, and containers across hundreds of independently deployed services—not one monolith.

Mar 17, 20267 min read
Application Security

What is API Security

API security explained: what it is, why APIs are the top breach vector, the OWASP API Top 10, real breaches, and how to test and monitor endpoints.

Mar 11, 20267 min read
Application Security

API Security Testing Checklist & Best Practices

A concrete API security testing checklist covering OWASP API Top 10 risks, BOLA, SSRF, testing cadence, SAST/DAST, and how Safeguard closes the gaps.

Mar 11, 20267 min read
Application Security

How to Secure REST APIs

REST APIs keep failing the same way: BOLA, weak auth, shadow endpoints. Real breaches (T-Mobile, Optus, Peloton) and concrete fixes for each.

Mar 10, 20267 min read
api-security (Page 3) — Safeguard Blog