Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

What is the CERT Secure Coding Standard

CERT secure coding standards give C, C++, and Java developers rule-by-rule guidance — with IDs, risk scores, and fix patterns — for avoiding exploitable bugs.

Jan 29, 20261 min read
Vulnerability Analysis

What is Input Validation

Input validation stops malicious data at the door. See the CVEs — Equifax, Log4Shell, MOVEit — that prove why skipping it, or doing it wrong, is so costly.

Jan 28, 20266 min read
Industry Analysis

Django ORM SQL injection edge cases beyond parameterized ...

Django's ORM parameterizes queries by default, but .raw(), .extra(), and annotate() calls create real SQL injection risk. Here's what to check.

Jan 28, 20267 min read
Vulnerability Analysis

What is Input Sanitization

Input sanitization stops attacker-controlled data from executing as code. Learn how it works, how it differs from validation, and where it fails.

Jan 28, 20267 min read
Vulnerability Analysis

What Are Parameterized Queries

Parameterized queries stop SQL injection by binding user input as data instead of parsing it as SQL — here's how they work, and where they still fail.

Jan 28, 20266 min read
Regulatory Compliance

Django CSRF protection and common session security miscon...

Django's CSRF defaults are solid, but wildcards, exempted webhooks, and reordered middleware quietly undo them. Here's where django csrf misconfiguration actually happens.

Jan 27, 20267 min read
Best Practices

What is Security by Obscurity

Security by obscurity means hiding a system instead of securing it. Here's why that bet fails, with real breaches, real CVEs, and what to build instead.

Jan 27, 20267 min read
Industry Analysis

Rails Active Record SQL injection via raw queries and str...

A concrete look at how raw SQL and string interpolation reopen rails active record sql injection risk, from CVE-2012-2695 to modern where-clause and order-by exploits.

Jan 26, 20267 min read
Application Security

FastAPI Authentication Best Practices in 2026

Practical, opinionated guidance on authentication in FastAPI: token formats, dependency patterns, refresh flows, and the mistakes we still see in production code reviews.

Jan 22, 20265 min read
Application Security

Next-Generation Software Composition Analysis: Beyond Dependency Lists

Traditional SCA tools tell you what's in your software. Next-gen SCA tells you what matters. Here's how the category is evolving.

Jan 22, 20266 min read
Industry Analysis

The Hidden Cost of AI Code in Financial Services

Banks and fintechs are shipping AI-generated code faster than they can vet it. The bill for that speed is starting to come due.

Jan 22, 20267 min read
Regulatory Compliance

Spring Boot Actuator endpoint exposure and information di...

Exposed Spring Boot actuator endpoints leak env variables, heap dumps, and credentials via a single unauthenticated request — here's why it keeps happening and how to fix it.

Jan 22, 20267 min read
application-security (Page 37) — Safeguard Blog