Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

Out-of-Bounds Read Vulnerabilities (CWE-125) Explained

How out-of-bounds read vulnerabilities (CWE-125) leak memory instead of crashing programs, why Heartbleed and Cloudbleed happened, and how to catch them in your dependencies.

Nov 12, 20257 min read
Application Security

Out-of-Bounds Write Vulnerabilities (CWE-787) Explained

CWE-787 out-of-bounds write bugs let attackers corrupt memory past a buffer's limit, causing crashes or code execution. Here's how they work.

Nov 12, 20258 min read
Application Security

Improper Restriction of Operations Within Memory Bounds

CWE-119 has topped MITRE's vulnerability rankings for years, from Heartbleed to WannaCry to the 2023 libwebp zero-day. Here's why it persists and how to catch it early.

Nov 11, 20257 min read
Application Security

Integer Overflow and Wraparound Vulnerabilities

A single wrapped integer minted 184B bitcoin, grounded 787s, and erased $900M from a crypto token. Here's how overflow bugs work—and how Safeguard catches them first.

Nov 11, 20258 min read
Application Security

Double-Free Vulnerabilities in C and C++

Double-free bugs let attackers corrupt heap memory and hijack control flow. Here's how they happen in C/C++, real CVEs, and how to catch them early.

Nov 11, 20258 min read
Application Security

Memory Leak Vulnerabilities: Causes and Detection

Memory leaks aren't just a performance bug — from Heartbleed to Samba's CVE-2018-16851, they're a documented attack surface. Here's how they're caused, scored, and detected.

Nov 11, 20257 min read
Application Security

Null Pointer Dereference Vulnerabilities

A single unchecked pointer can crash a server. Here's what null pointer dereference vulnerabilities are, real CVEs like OpenSSL's, and how to catch them.

Nov 10, 20257 min read
Application Security

Uncaught Exception Security Risks

An uncaught exception isn't just a crash: it caused the Equifax breach and Log4j outages. See how exception-handling bugs become real security incidents.

Nov 10, 20257 min read
Application Security

Insufficient Encapsulation Vulnerabilities

An insufficient encapsulation vulnerability (CWE-485) exposes internal state to untrusted code. See how it drove real CVEs in Velocity, Lodash, and BeanUtils.

Nov 10, 20257 min read
Application Security

Generation of Predictable Numbers or Identifiers

From Debian's 2008 OpenSSL bug to First American's 885-million-record leak, predictable identifiers keep breaking security. Here's how the vulnerability works and how to stop it.

Nov 10, 20257 min read
Industry Analysis

NoSQL Injection Attack Techniques

NoSQL injection lets attackers bypass logins and hijack MongoDB/CouchDB apps using operators like $ne and $where. Here's how it works and how to stop it.

Nov 9, 20258 min read
Buyer's Guides

Best fuzz testing tools for finding software vulnerabilities

A practical, no-hype comparison of AFL++, libFuzzer, OSS-Fuzz, Honggfuzz, Jazzer, and Mayhem — with real strengths, limitations, and how to choose.

Nov 9, 20258 min read
application-security (Page 41) — Safeguard Blog