Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Vulnerability Analysis

XML External Entity (XXE) injection explained

XXE injection lets attackers abuse XML parsers to read files, hit cloud metadata via SSRF, or crash servers — here's how it works and how to stop it.

Dec 13, 20257 min read
Vulnerability Analysis

Open redirect vulnerabilities explained

Open redirect flaws (CWE-601) score as medium severity alone, but they power real phishing campaigns against Google, Amex, and Microsoft. Here's how they work and how to stop them.

Dec 12, 20257 min read
Vulnerability Analysis

Arbitrary file upload vulnerabilities explained

Arbitrary file upload flaws (CWE-434) have caused breaches from Equifax to GitLab. Here's how they work, the CVEs that prove it, and how to stop them.

Dec 12, 20257 min read
Vulnerability Analysis

NoSQL injection vulnerabilities explained

NoSQL injection lets attackers manipulate MongoDB-style queries via operators like $ne and $where. Learn how it works, real CVEs, and fixes.

Dec 10, 20257 min read
Vulnerability Analysis

LDAP injection vulnerabilities explained

LDAP injection lets attackers manipulate directory filters to bypass authentication or dump data. Here's how CWE-90 attacks work and how to stop them.

Dec 10, 20256 min read
Vulnerability Analysis

Server-side template injection (SSTI) explained

SSTI lets attackers turn template syntax into server-side RCE. See how it works, real CVEs like Confluence's, and how to prevent it.

Dec 10, 20257 min read
Vulnerability Analysis

Insecure direct object reference (IDOR) explained

IDOR lets attackers access other users' data by editing an ID in a request. See how it broke USPS, Panera, and First American — and how to actually fix it.

Dec 9, 20256 min read
Vulnerability Analysis

Authentication bypass vulnerabilities explained

Authentication bypass flaws let attackers skip login entirely. See how CVE-2022-40684, CVE-2023-22515, and CVE-2021-40539 were exploited and prevented.

Dec 9, 20257 min read
Vulnerability Analysis

Broken access control explained

Broken access control has topped OWASP's Top 10 since 2021. See real breaches, common patterns like IDOR, and how to detect and fix them.

Dec 9, 20257 min read
Vulnerability Analysis

Hardcoded credentials vulnerabilities explained

Hardcoded credentials (CWE-798) have caused real breaches at Uber, Toyota, and Mercedes-Benz. Here's how they happen, how common they are, and how to fix them.

Dec 8, 20257 min read
Vulnerability Analysis

Certificate validation bypass and man-in-the-middle risk explained

Certificate validation bypass flaws silently disable TLS's identity guarantees, opening the door to man-in-the-middle attacks. Here's how they happen and how to catch them.

Dec 8, 20256 min read
Vulnerability Analysis

Algorithmic complexity denial of service explained

Small inputs, big CPU spikes: how algorithmic complexity DoS vulnerabilities like ReDoS and hash flooding crash apps with a single request.

Dec 7, 20256 min read
application-security (Page 39) — Safeguard Blog