Safeguard
Tag

api-security

Safeguard articles tagged "api-security" — guides, analysis, and best practices for software supply chain and application security.

100 articles

Application Security

What is GraphQL Security

GraphQL's flexibility creates unique risks—excessive data exposure, DoS via nested queries, and broken field-level authorization. Here's how to defend it.

Mar 10, 20267 min read
Application Security

OWASP API Security Top 10 Explained

The 2023 OWASP API Security Top 10 explained with real breaches — T-Mobile, Optus, Peloton — plus what changed since 2019 and how to prioritize fixes.

Mar 10, 20267 min read
Application Security

API Security Misconfiguration

API misconfigurations exposed 37M T-Mobile and 9.8M Optus accounts without a single exploit. Here's why it keeps happening and how to stop it.

Mar 10, 20266 min read
Application Security

Unsafe Consumption of APIs

OWASP's API10:2023 exposes a blind spot: teams sanitize user input but blindly trust API responses from partners, vendors, and internal services.

Mar 9, 20267 min read
Application Security

What is Broken Object Level Authorization (BOLA)

BOLA lets attackers swap an object ID in an API request to pull someone else's data. Here's how it works, real breaches, and how to stop it.

Mar 9, 20267 min read
Application Security

What is an API Gateway and Its Security Role

An API gateway centralizes auth, routing, and rate limiting for every request — get it wrong and, as T-Mobile and Optus learned, millions of records leak.

Mar 9, 20268 min read
Application Security

What is Rate Limiting

Rate limiting caps requests per client to stop credential stuffing and scraping. Learn how it works, the algorithms, and real breaches it prevents.

Mar 9, 20266 min read
Application Security

What is API Authentication

API authentication verifies who's calling your API before authorization decides what they can do — here's how it works, common methods, and where it fails.

Mar 8, 20267 min read
Cryptography

HMAC

HMAC is a cryptographic construct that combines a hash function with a secret key to verify both the integrity and authenticity of a message.

Feb 28, 20267 min read
AppSec

Web Application Security Testing Tools in 2026

A category map of web application security testing tools in 2026, from SAST and DAST to API scanners, and how to pick a stack that matches your architecture.

Feb 18, 20265 min read
AI Security

MCP Server Rate-Limiting Patterns

A practical look at rate-limiting patterns for Model Context Protocol servers, covering per-tool quotas, token budgets, burst control, and abuse-resistant designs.

Feb 15, 20267 min read
Application Security

How to implement OAuth 2.0 securely

A step-by-step guide to implementing OAuth 2.0 securely: PKCE, redirect URI validation, token storage, and the vulnerabilities to avoid.

Feb 10, 20267 min read
api-security (Page 4) — Safeguard Blog