application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
CRLF injection and HTTP response splitting explained
CRLF injection lets attackers forge HTTP headers and split responses. Here's how it works, real CVEs behind it, and how to detect and stop it.
Business logic vulnerabilities explained
A business logic vulnerability breaks your app's rules, not its code. See how Starbucks, Shopify, and the DAO were exploited -- and how to detect and prevent it.
Mass assignment vulnerabilities explained
Mass assignment lets attackers write privileged fields like "role":"admin" via ordinary API calls. Learn how it works, real CVEs, and fixes.
GraphQL injection and introspection abuse explained
How GraphQL injection, introspection abuse, and alias-based DoS attacks expose APIs to data leaks—illustrated by the 2021 Peloton breach.
Prompt injection vulnerabilities in LLM applications explained
Prompt injection is OWASP's #1 LLM risk. See real CVEs like Vanna.AI's RCE flaw and how to detect and stop it.
Java deserialization gadget chains explained
Java deserialization gadget chains turn trusted classpath libraries into RCE. Learn how they work, key CVEs like CVE-2015-4852, and how to detect them.
Regular expression injection explained
Regex injection lets attackers rewrite pattern logic or trigger ReDoS. See real CVEs, exploit examples, and how to detect and fix it in your code.
Argument injection vulnerabilities explained
How argument injection (CWE-88) vulnerabilities work, real CVEs like PHPMailer and Git ssh URLs, and how teams detect and prevent CWE-88 flaws.
Best SAST tools for enterprise applications
A practical buyer's guide comparing top SAST tools for enterprise apps -- strengths, limitations, and how Safeguard unifies findings across your pipeline.
Best DAST tools for web application security testing
A practical comparison of DAST tools -- from OWASP ZAP to Invicti -- covering real strengths, limitations, and what Safeguard adds beyond runtime scanning.
Best IAST tools for runtime application security testing
A practical, no-fluff comparison of IAST tools for runtime application security testing — evaluation criteria, honest vendor tradeoffs, and where supply chain risk still slips through.
PHP object injection vulnerability landscape
Industry analysis of PHP object injection vulnerability trends, gadget chains, and real-world CVEs, plus how to find exploitable deserialization paths.