Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

Unsafe Consumption of APIs

OWASP's API10:2023 exposes a blind spot: teams sanitize user input but blindly trust API responses from partners, vendors, and internal services.

Mar 9, 20267 min read
Application Security

What is Broken Object Level Authorization (BOLA)

BOLA lets attackers swap an object ID in an API request to pull someone else's data. Here's how it works, real breaches, and how to stop it.

Mar 9, 20267 min read
Application Security

What is an API Gateway and Its Security Role

An API gateway centralizes auth, routing, and rate limiting for every request — get it wrong and, as T-Mobile and Optus learned, millions of records leak.

Mar 9, 20268 min read
Application Security

What is Rate Limiting

Rate limiting caps requests per client to stop credential stuffing and scraping. Learn how it works, the algorithms, and real breaches it prevents.

Mar 9, 20266 min read
Application Security

What is API Authentication

API authentication verifies who's calling your API before authorization decides what they can do — here's how it works, common methods, and where it fails.

Mar 8, 20267 min read
Application Security

OAuth vs API Keys

OAuth and API keys aren't interchangeable: one is a static, long-lived credential, the other a scoped, expiring token. Here's how to choose, backed by real breaches.

Mar 8, 20267 min read
AI Security

What is Prompt Injection

Prompt injection is OWASP's #1 LLM risk. Learn how it works, real CVEs like EchoLeak, and how to detect and defend against it.

Mar 4, 20268 min read
AI Security

Risks of AI-Generated Code

AI coding assistants now write nearly half of some codebases—and research shows 45% of that code ships with exploitable flaws. Here's what security teams need to know.

Mar 3, 20267 min read
AI Security

What is Vibe Coding (and Its Security Risks)

Vibe coding lets AI write entire apps from a prompt with little human review — here's what it is, real incidents it's caused, and how to detect the risk.

Mar 3, 20267 min read
AI Security

What is Insecure Output Handling in LLMs

Insecure output handling lets LLM-generated text execute code, alter queries, or render unsanitized HTML — a real, exploitable OWASP LLM05:2025 risk.

Mar 2, 20267 min read
Application Security

IAST vs SAST in 2026: When to Use Which

A practical guide to when IAST adds value over SAST in 2026, with the workload characteristics that justify the operational cost of runtime instrumentation.

Feb 28, 20266 min read
Industry Analysis

Insecure deserialization attack

A precise breakdown of what is an insecure deserialization attack, how object injection and gadget chains work in Java and Python, and how to defend against them.

Feb 25, 20267 min read
application-security (Page 33) — Safeguard Blog