Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

A hands-on stack buffer overflow in C++: root cause and mitigations

The Morris Worm hit ~6,000 machines in 1988 via one unsafe gets() call. We build and hijack a stack overflow in C++ to teach why canaries and ASLR exist.

Jul 11, 20267 min read
Application Security

Modern C++ security: smart pointers, bounds checking, and static analysis

Microsoft has said for years that ~70% of the CVEs it patches trace to memory-safety bugs — here's how modern C++ actually closes that gap.

Jul 11, 20266 min read
Application Security

A hardening checklist for modern Drupal deployments

Drupal 7's 2025 end-of-life left unsupported sites exposed; here's a concrete checklist for module vetting, access control, and patch cadence on Drupal 10/11.

Jul 11, 20266 min read
Application Security

Why assert is not a security control in Python

Run Python with -O and every assert statement vanishes from the bytecode — including the ones guarding auth checks and input validation.

Jul 11, 20266 min read
Application Security

The Python code review security checklist: eval, pickle, and shell=True

Bandit ships named checks for eval, pickle, and shell=True — B307, B301, B602 — yet these three smells still slip past manual review into production Python.

Jul 11, 20266 min read
Application Security

React security best practices: stopping XSS, dangerouslySetInnerHTML, and dependency risk

React auto-escapes JSX text by default, but dangerouslySetInnerHTML, href injection, and a 500-package npm worm show where that protection stops.

Jul 11, 20266 min read
Application Security

Robust URL Validation in Python: Stopping SSRF and Open Redirects

One misparsed IP string cost Capital One 106 million records. Here's how to validate URLs in Python without repeating that mistake.

Jul 11, 20266 min read
Application Security

Building an authenticated, TLS-secured WebSocket server in Python

WebSockets skip same-origin checks by default — CWE-1385 exists because of it. Here's how to build one in Python with origin checks, TLS, and rate limits.

Jul 11, 20266 min read
Application Security

The most common C++ vulnerability classes, and the tooling that catches them

Memory-safety bugs account for roughly 70% of high-severity CVEs in large C/C++ codebases at Microsoft and Google. Here's why, and what actually stops them.

Jul 11, 20267 min read
Best Practices

Webhook security best practices: HMAC signing, replay protection, and IP allowlisting

Stripe gives webhook signatures a 5-minute tolerance window; GitHub signs with HMAC-SHA256. Here's how to build inbound and outbound webhooks that survive both.

Jul 11, 20267 min read
Application Security

How to Discover Shadow and Undocumented APIs Before Attackers Do

A single undocumented API endpoint exposed 10 million Optus records in 2022. Here's how to find shadow APIs in production and assess their real exposure.

Jul 10, 20266 min read
Application Security

A primer on the OWASP API Security Top 10 and how to test for it

The OWASP API Security Top 10 dropped Injection entirely in its 2023 update and added SSRF — most REST and GraphQL teams still test for the old list.

Jul 10, 20267 min read
application-security (Page 5) — Safeguard Blog