Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

Preventing open redirect vulnerabilities

Open redirect flaws turn trusted domains into phishing and OAuth-token-theft infrastructure. Here's how they work, how to find them, and how to fix them for good.

May 28, 20267 min read
Application Security

Preventing XML external entity (XXE) injection

XXE injection lets attackers read local files, trigger SSRF, or crash servers via XML parsers. Here is how it works and how to shut it down for good.

May 28, 20267 min read
Application Security

Python security best practices cheat sheet

A no-fluff cheat sheet of concrete Python security fixes—dependency pinning, pickle/eval risks, PyPI trust signals, and CI gates—with real CVEs and commands.

May 28, 20261 min read
Application Security

Software Composition Analysis (SCA) explained: how it fin...

SCA scans your dependency tree against CVE databases to catch vulnerable open-source packages like Log4Shell before they reach production.

May 28, 20267 min read
Application Security

10 Java security best practices

10 Java security best practices security teams should enforce across dependency management, deserialization, injection, secrets, and build pipelines.

May 27, 20267 min read
Application Security

Go security cheat sheet for developers

A practical Go security cheat sheet: the real vulnerability classes, must-patch stdlib CVEs, and dependency scanning tactics developers need to know.

May 27, 20267 min read
Application Security

PHP security best practices guide

A practical PHP security best practices guide covering SQL injection, deserialization RCE, upload hardening, dependency risk, and real exploited CVEs like CVE-2024-4577.

May 27, 20268 min read
Application Security

Better Ruby Gemfile security: a step-by-step guide

A step-by-step guide to auditing your Gemfile.lock, spotting RubyGems supply chain attacks, and locking down Ruby dependencies before they ship.

May 27, 20267 min read
Application Security

10 React security best practices

Real CVEs, real npm supply chain hijacks, and the concrete React practices — from CSP to token storage — that actually stop them.

May 26, 20268 min read
Application Security

6 Angular security best practices cheat sheet

A six-part cheat sheet on Angular security: sanitizer limits, AngularJS EOL, dependency risk, token storage, CSP nonces, and library auditing.

May 26, 20267 min read
Application Security

Comparing React and Angular secure coding practices

React auto-escapes JSX but not URLs; Angular sanitizes by context but allows explicit bypasses. Here's where each framework's XSS defenses actually stop.

May 26, 20269 min read
Application Security

AngularJS security fundamentals

AngularJS has been unpatched since January 2022, yet it still runs in production. Here's the CVE history, the sandbox saga, and how to find your exposure.

May 26, 20267 min read
application-security (Page 21) — Safeguard Blog