api-security
Safeguard articles tagged "api-security" — guides, analysis, and best practices for software supply chain and application security.
100 articles
How to secure a REST API
REST API breaches from T-Mobile to Optus trace to a handful of recurring mistakes. Here's how to fix authorization, auth, injection, and rate limiting.
Improving GraphQL security with static analysis
GraphQL's flexible query model breaks REST-era security assumptions. Here's how static analysis catches introspection leaks, DoS, and BOLA before deploy.
Building a secure GraphQL API with Node.js
A practical guide to securing Node.js GraphQL APIs: query complexity limits, field-level authorization, injection-safe resolvers, and CSRF hardening.
Microservices security: authentication between services
Service-to-service auth stops lateral movement between microservices. Learn how mTLS, OAuth2, and SPIFFE/SPIRE secure internal calls in production.
Preventing broken access control in Express.js applications
Express.js ships with no built-in authorization layer, making broken access control easy to introduce and hard to catch with pattern-based scanners.
What is Insecure Direct Object Reference (IDOR)
IDOR lets attackers access other users data just by changing an ID in a URL or API call. Learn how it works, real breaches, and how to fix it.
What is NoSQL Injection
NoSQL injection lets attackers bypass logins or run code using MongoDB operators like $ne and $where. See real CVEs, examples, and effective defenses.
What is a Business Logic Vulnerability
Business logic vulnerabilities exploit correct code enforcing the wrong rules. Learn what they are, real breach examples, and how to detect them.
What is Microservices Security
Microservices security means securing service-to-service auth, dependencies, and containers across hundreds of independently deployed services—not one monolith.
What is API Security
API security explained: what it is, why APIs are the top breach vector, the OWASP API Top 10, real breaches, and how to test and monitor endpoints.
API Security Testing Checklist & Best Practices
A concrete API security testing checklist covering OWASP API Top 10 risks, BOLA, SSRF, testing cadence, SAST/DAST, and how Safeguard closes the gaps.
How to Secure REST APIs
REST APIs keep failing the same way: BOLA, weak auth, shadow endpoints. Real breaches (T-Mobile, Optus, Peloton) and concrete fixes for each.