application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
What is the CERT Secure Coding Standard
CERT secure coding standards give C, C++, and Java developers rule-by-rule guidance — with IDs, risk scores, and fix patterns — for avoiding exploitable bugs.
What is Input Validation
Input validation stops malicious data at the door. See the CVEs — Equifax, Log4Shell, MOVEit — that prove why skipping it, or doing it wrong, is so costly.
Django ORM SQL injection edge cases beyond parameterized ...
Django's ORM parameterizes queries by default, but .raw(), .extra(), and annotate() calls create real SQL injection risk. Here's what to check.
What is Input Sanitization
Input sanitization stops attacker-controlled data from executing as code. Learn how it works, how it differs from validation, and where it fails.
What Are Parameterized Queries
Parameterized queries stop SQL injection by binding user input as data instead of parsing it as SQL — here's how they work, and where they still fail.
Django CSRF protection and common session security miscon...
Django's CSRF defaults are solid, but wildcards, exempted webhooks, and reordered middleware quietly undo them. Here's where django csrf misconfiguration actually happens.
What is Security by Obscurity
Security by obscurity means hiding a system instead of securing it. Here's why that bet fails, with real breaches, real CVEs, and what to build instead.
Rails Active Record SQL injection via raw queries and str...
A concrete look at how raw SQL and string interpolation reopen rails active record sql injection risk, from CVE-2012-2695 to modern where-clause and order-by exploits.
FastAPI Authentication Best Practices in 2026
Practical, opinionated guidance on authentication in FastAPI: token formats, dependency patterns, refresh flows, and the mistakes we still see in production code reviews.
Next-Generation Software Composition Analysis: Beyond Dependency Lists
Traditional SCA tools tell you what's in your software. Next-gen SCA tells you what matters. Here's how the category is evolving.
The Hidden Cost of AI Code in Financial Services
Banks and fintechs are shipping AI-generated code faster than they can vet it. The bill for that speed is starting to come due.
Spring Boot Actuator endpoint exposure and information di...
Exposed Spring Boot actuator endpoints leak env variables, heap dumps, and credentials via a single unauthenticated request — here's why it keeps happening and how to fix it.