Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

Preventing SQL Injection with Entity Framework

EF Core parameterizes every standard LINQ query by default — the real injection risk lives in three raw-SQL escape hatches Microsoft documents but developers still misuse.

Jul 8, 20266 min read
Best Practices

Symmetric vs asymmetric file encryption in Python, done correctly

AES-GCM needs a unique 96-bit nonce every single time — reuse one under the same key and GCM's authentication guarantee collapses entirely, not just confidentiality.

Jul 8, 20267 min read
Application Security

The three dimensions of Python static analysis, and where each one blinds itself

AST scanners, taint trackers, and type checkers each solve a different problem — and each has a documented blind spot that lets real bugs through untouched.

Jul 8, 20266 min read
Application Security

Secure conditional rendering in React and Next.js Server Components

A CVSS 10.0 React Server Components flaw, patched in December 2025, shows why {isAdmin && <Panel/>} isn't access control — the data ships to the client either way.

Jul 8, 20266 min read
Application Security

ReDoS in Python and FastAPI: how one regex takes down an event loop

CVE-2024-3772 let a single crafted email string trigger catastrophic backtracking in Pydantic's own validator — the exact code path every FastAPI request body runs through.

Jul 8, 20266 min read
Application Security

A practical REST API hardening checklist

OWASP's 2023 API Security Top 10 still ranks broken object-level authorization as the #1 risk — here's a concrete checklist for authn, rate limiting, and input validation.

Jul 8, 20266 min read
Application Security

SAML SSO vulnerabilities: signature wrapping and assertion replay explained

A 2024 ruby-saml flaw (CVE-2024-45409, CVSS 9.8) let attackers forge SAML assertions and log in as any user, including admins — seven years after the same bug class was first disclosed.

Jul 8, 20266 min read
Best Practices

The complete workflow for finding and remediating hardcoded secrets in GitHub

GitGuardian found 12.8 million secrets leaked on public GitHub in 2023 alone, and over 90% were still valid five days later. Here's the fix workflow that actually closes the gap.

Jul 8, 20268 min read
Application Security

A hardening guide to securing Flask applications

Flask ships session cookies with HttpOnly on by default — but Secure, SameSite, CSRF tokens, and every security header are left entirely to you.

Jul 8, 20266 min read
Application Security

Secure multi-tenant SaaS access control patterns

Broken Access Control has topped OWASP's Top 10 for two straight cycles, found in 100% of tested apps in 2025 — most of that risk starts with one missing tenant_id check.

Jul 8, 20266 min read
Application Security

Secure password hashing in Go: bcrypt, Argon2, and the mistakes in between

Go's bcrypt package caps input at 72 bytes and returns ErrPasswordTooLong instead of silently truncating — one of several Go-specific quirks that trip up password hashing code.

Jul 8, 20266 min read
Application Security

Secure URL Encoding and Decoding in Java

Java's URLEncoder turns spaces into + instead of %20 — a form-encoding quirk that, mixed with double-decoding, still causes path-traversal bugs like CVE-2025-41242 in 2025.

Jul 8, 20266 min read
application-security (Page 11) — Safeguard Blog