application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
Preventing open redirect vulnerabilities
Open redirect flaws turn trusted domains into phishing and OAuth-token-theft infrastructure. Here's how they work, how to find them, and how to fix them for good.
Preventing XML external entity (XXE) injection
XXE injection lets attackers read local files, trigger SSRF, or crash servers via XML parsers. Here is how it works and how to shut it down for good.
Python security best practices cheat sheet
A no-fluff cheat sheet of concrete Python security fixes—dependency pinning, pickle/eval risks, PyPI trust signals, and CI gates—with real CVEs and commands.
Software Composition Analysis (SCA) explained: how it fin...
SCA scans your dependency tree against CVE databases to catch vulnerable open-source packages like Log4Shell before they reach production.
10 Java security best practices
10 Java security best practices security teams should enforce across dependency management, deserialization, injection, secrets, and build pipelines.
Go security cheat sheet for developers
A practical Go security cheat sheet: the real vulnerability classes, must-patch stdlib CVEs, and dependency scanning tactics developers need to know.
PHP security best practices guide
A practical PHP security best practices guide covering SQL injection, deserialization RCE, upload hardening, dependency risk, and real exploited CVEs like CVE-2024-4577.
Better Ruby Gemfile security: a step-by-step guide
A step-by-step guide to auditing your Gemfile.lock, spotting RubyGems supply chain attacks, and locking down Ruby dependencies before they ship.
10 React security best practices
Real CVEs, real npm supply chain hijacks, and the concrete React practices — from CSP to token storage — that actually stop them.
6 Angular security best practices cheat sheet
A six-part cheat sheet on Angular security: sanitizer limits, AngularJS EOL, dependency risk, token storage, CSP nonces, and library auditing.
Comparing React and Angular secure coding practices
React auto-escapes JSX but not URLs; Angular sanitizes by context but allows explicit bypasses. Here's where each framework's XSS defenses actually stop.
AngularJS security fundamentals
AngularJS has been unpatched since January 2022, yet it still runs in production. Here's the CVE history, the sandbox saga, and how to find your exposure.