Safeguard
Tag

authorization

Safeguard articles tagged "authorization" — guides, analysis, and best practices for software supply chain and application security.

25 articles

Kubernetes Security

Broken object-level authorization in Kubernetes integrations: CVE-2023-1065

One leaked Integration ID was enough to pollute a Snyk customer's findings — CVE-2023-1065 shows why possession of an identifier is not authorization.

Jul 14, 20266 min read
Application Security

Securing gRPC APIs: mTLS, Interceptors, and Input Validation

CVE-2023-44487 knocked grpc-go services offline with a Rapid Reset flood — a reminder that gRPC ships fast, insecure by default, and needs hardening at every layer.

Jul 10, 20266 min read
Security Guides

OAuth 2.0 Security Best Practices (2026)

OAuth 2.0 is safe when you follow the current security BCP and dangerous when you follow a decade-old tutorial. Here is what RFC 9700 requires in 2026: PKCE everywhere, exact redirect matching, and sender-constrained tokens.

Jul 7, 20266 min read
Security Guides

REST API Security Best Practices: The OWASP API Top 10 in Practice

Most API breaches aren't exotic — they're broken object-level authorization and missing rate limits. A practical walk through the OWASP API Security Top 10.

Jul 6, 20265 min read
Security Guides

GraphQL API Security: Introspection, Depth Limits, and Authorization

GraphQL's flexibility is its attack surface. Nested queries, introspection, and per-field authorization all fail differently than REST. Here's how to secure them.

Jul 5, 20265 min read
Vulnerability Guides

Mass Assignment Vulnerability: How to Prevent It

Mass assignment lets attackers set fields you never meant to expose — like isAdmin or accountBalance — by adding them to a request body. Here is the fix.

Jul 2, 20265 min read
Concepts

Authentication vs Authorization: What's the Difference?

Authentication proves who you are. Authorization decides what you're allowed to do. One is the ID check at the door; the other is the list of rooms you can enter.

Jul 2, 20265 min read
Security Guides

OWASP A01: Broken Access Control — A Deep-Dive Guide

Broken Access Control is the #1 OWASP Top 10 (2021) risk. A deep dive into IDOR, missing authorization, real CVEs, and how to detect and fix it in 2026.

Jul 1, 20267 min read
AI Security

Defending LLM agents against confused-deputy attacks on their tool privileges

An LLM agent with tools is a deputy that holds privileges its users do not. Attackers exploit that gap by tricking the agent into using those privileges on their behalf — here is how to design defenses that hold up.

May 13, 20268 min read
AI Security

MCP Server Authorization Patterns in 2026

The Model Context Protocol shifted agent integration from custom glue to a standard surface. Authorization patterns that work, and the ones that keep biting teams.

Mar 19, 20266 min read
AI Security

AI Agent Tool Confused Deputy Problem in 2026

A senior engineer's take on the confused deputy problem in AI agent tool use, why it keeps reappearing in 2026, and the architectural patterns that actually fix it.

Mar 14, 20267 min read
Application Security

What is GraphQL Security

GraphQL's flexibility creates unique risks—excessive data exposure, DoS via nested queries, and broken field-level authorization. Here's how to defend it.

Mar 10, 20267 min read
authorization — Safeguard Blog