Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

Industry Analysis

SQL Injection Prevention in Go with database/sql Prepared...

How Go's database/sql prepared statements prevent SQL injection, where developers still get it wrong with dynamic queries and ORMs, and how Safeguard catches these gaps in code review.

Oct 26, 20258 min read
Regulatory Compliance

SQL Injection Prevention in C# with Entity Framework/LINQ

EF Core's LINQ layer parameterizes queries by default, but FromSqlRaw, ExecuteSqlRaw, and dynamic sort columns still open real SQL injection risk in .NET apps.

Oct 26, 20258 min read
Industry Analysis

SQL Injection Prevention in PHP with Parameterized Queries

Parameterized queries stop SQL injection in PHP by separating code from data. Here's how PDO and MySQLi prepared statements work, and where they still fail.

Oct 26, 20258 min read
Industry Analysis

SQL Injection Prevention in Ruby with exec_params Binding

Ruby's pg gem makes SQL injection preventable with one method change. Here's how exec_params binds parameters, why Rails CVEs keep recurring, and how to migrate safely.

Oct 26, 20257 min read
Industry Analysis

SQL Injection Prevention in Rust with sqlx

sqlx blocks SQL injection by default with compile-time query checks and bind parameters — but format!() and raw SQL calls can still reopen the gap. Here's how to audit for it.

Oct 25, 20257 min read
Industry Analysis

SQL Injection Prevention in C++ with SQLite Bind Parameters

How sqlite3_bind_text() stops SQL injection in C++ apps, common mistakes with bind parameters, and how to audit existing SQLite code for injection risk.

Oct 25, 20257 min read
Industry Analysis

Path Traversal Prevention in JavaScript/Node.js with path...

path.normalize() alone will not stop path traversal in Node.js. Real CVEs like node-tar show why resolve-then-compare beats normalize-then-trust.

Oct 25, 20257 min read
Industry Analysis

Path Traversal Prevention in PHP: Avoiding include() with...

PHP's include() turns a path traversal bug into remote code execution. See how CVE-2015-2213 and CVE-2022-1329 happened, and how to prevent it with allowlists.

Oct 25, 20257 min read
Industry Analysis

Path Traversal Prevention in Python with os.path.realpath

os.path.normpath() and abspath() don't stop symlink-based path traversal. Here's how os.path.realpath() closes the gap, with real CVEs and a secure pattern.

Oct 24, 20257 min read
Industry Analysis

Path Traversal Prevention in Java with Path.normalize

Path.normalize() cleans up "." and ".." in a Java path — but it doesn't stop path traversal. Here's why the Zip Slip pattern still slips past code review in 2026.

Oct 24, 20257 min read
Industry Analysis

Path Traversal Prevention in C++ with std::filesystem::we...

Why std::filesystem::weakly_canonical alone doesn't stop path traversal in C++, and the containment check every extraction, upload, or plugin loader needs beside it.

Oct 23, 20257 min read
Industry Analysis

XXE Prevention in Ruby with Nokogiri NONET/NOENT

Nokogiri wraps libxml2, and one misconfigured parse call can leak local files or trigger SSRF. Here's how NONET and NOENT actually work, and how to lock them down.

Oct 23, 20258 min read
appsec (Page 18) — Safeguard Blog