application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
XML External Entity (XXE) injection explained
XXE injection lets attackers abuse XML parsers to read files, hit cloud metadata via SSRF, or crash servers — here's how it works and how to stop it.
Open redirect vulnerabilities explained
Open redirect flaws (CWE-601) score as medium severity alone, but they power real phishing campaigns against Google, Amex, and Microsoft. Here's how they work and how to stop them.
Arbitrary file upload vulnerabilities explained
Arbitrary file upload flaws (CWE-434) have caused breaches from Equifax to GitLab. Here's how they work, the CVEs that prove it, and how to stop them.
NoSQL injection vulnerabilities explained
NoSQL injection lets attackers manipulate MongoDB-style queries via operators like $ne and $where. Learn how it works, real CVEs, and fixes.
LDAP injection vulnerabilities explained
LDAP injection lets attackers manipulate directory filters to bypass authentication or dump data. Here's how CWE-90 attacks work and how to stop them.
Server-side template injection (SSTI) explained
SSTI lets attackers turn template syntax into server-side RCE. See how it works, real CVEs like Confluence's, and how to prevent it.
Insecure direct object reference (IDOR) explained
IDOR lets attackers access other users' data by editing an ID in a request. See how it broke USPS, Panera, and First American — and how to actually fix it.
Authentication bypass vulnerabilities explained
Authentication bypass flaws let attackers skip login entirely. See how CVE-2022-40684, CVE-2023-22515, and CVE-2021-40539 were exploited and prevented.
Broken access control explained
Broken access control has topped OWASP's Top 10 since 2021. See real breaches, common patterns like IDOR, and how to detect and fix them.
Hardcoded credentials vulnerabilities explained
Hardcoded credentials (CWE-798) have caused real breaches at Uber, Toyota, and Mercedes-Benz. Here's how they happen, how common they are, and how to fix them.
Certificate validation bypass and man-in-the-middle risk explained
Certificate validation bypass flaws silently disable TLS's identity guarantees, opening the door to man-in-the-middle attacks. Here's how they happen and how to catch them.
Algorithmic complexity denial of service explained
Small inputs, big CPU spikes: how algorithmic complexity DoS vulnerabilities like ReDoS and hash flooding crash apps with a single request.