application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
Preventing SQL Injection with Entity Framework
EF Core parameterizes every standard LINQ query by default — the real injection risk lives in three raw-SQL escape hatches Microsoft documents but developers still misuse.
Symmetric vs asymmetric file encryption in Python, done correctly
AES-GCM needs a unique 96-bit nonce every single time — reuse one under the same key and GCM's authentication guarantee collapses entirely, not just confidentiality.
The three dimensions of Python static analysis, and where each one blinds itself
AST scanners, taint trackers, and type checkers each solve a different problem — and each has a documented blind spot that lets real bugs through untouched.
Secure conditional rendering in React and Next.js Server Components
A CVSS 10.0 React Server Components flaw, patched in December 2025, shows why {isAdmin && <Panel/>} isn't access control — the data ships to the client either way.
ReDoS in Python and FastAPI: how one regex takes down an event loop
CVE-2024-3772 let a single crafted email string trigger catastrophic backtracking in Pydantic's own validator — the exact code path every FastAPI request body runs through.
A practical REST API hardening checklist
OWASP's 2023 API Security Top 10 still ranks broken object-level authorization as the #1 risk — here's a concrete checklist for authn, rate limiting, and input validation.
SAML SSO vulnerabilities: signature wrapping and assertion replay explained
A 2024 ruby-saml flaw (CVE-2024-45409, CVSS 9.8) let attackers forge SAML assertions and log in as any user, including admins — seven years after the same bug class was first disclosed.
The complete workflow for finding and remediating hardcoded secrets in GitHub
GitGuardian found 12.8 million secrets leaked on public GitHub in 2023 alone, and over 90% were still valid five days later. Here's the fix workflow that actually closes the gap.
A hardening guide to securing Flask applications
Flask ships session cookies with HttpOnly on by default — but Secure, SameSite, CSRF tokens, and every security header are left entirely to you.
Secure multi-tenant SaaS access control patterns
Broken Access Control has topped OWASP's Top 10 for two straight cycles, found in 100% of tested apps in 2025 — most of that risk starts with one missing tenant_id check.
Secure password hashing in Go: bcrypt, Argon2, and the mistakes in between
Go's bcrypt package caps input at 72 bytes and returns ErrPasswordTooLong instead of silently truncating — one of several Go-specific quirks that trip up password hashing code.
Secure URL Encoding and Decoding in Java
Java's URLEncoder turns spaces into + instead of %20 — a form-encoding quirk that, mixed with double-decoding, still causes path-traversal bugs like CVE-2025-41242 in 2025.