Safeguard
Tag

authorization

Safeguard articles tagged "authorization" — guides, analysis, and best practices for software supply chain and application security.

25 articles

AI Security

Agent-to-Agent Security in Multi-Agent Systems

Multi-agent systems inherit every trust problem of single-agent systems and add a few more. Here is how the threat model actually shifts.

Feb 22, 20267 min read
Concepts

What Is Access Control?

Access control decides who can reach a resource and what they can do with it. Learn the common models, how enforcement works, and why least privilege is the guiding rule.

Jan 14, 20266 min read
AI Security

AI Agent Tool-Scope Enforcement Patterns

Agents get tool lists, not tool boundaries. We walk through scoping patterns that actually hold when Claude 4 or GPT-5 picks the wrong function at runtime.

Jan 8, 20266 min read
AI Security

AI Tool Confused-Deputy: A Deep Dive

The confused deputy problem takes on new and subtle forms when AI agents invoke tools on behalf of users. A technical deep dive with concrete mitigations.

Dec 15, 20258 min read
AI Security

MCP Server Authentication and Authorization: Securing the AI Tool Layer

The Model Context Protocol enables AI agents to interact with external tools and data sources. Securing MCP servers requires authentication, authorization, and input validation patterns specific to the AI agent context.

Apr 5, 20258 min read
Concepts

What Is ABAC (Attribute-Based Access Control)

ABAC decides access by evaluating attributes of the user, resource, action, and environment against policy rules. Learn how it works and when to choose it over roles.

Dec 3, 20246 min read
Concepts

What Is RBAC (Role-Based Access Control)

RBAC grants permissions to roles, then assigns people to roles. Learn how this model simplifies access management, its core parts, and where it fits best.

Nov 5, 20246 min read
Concepts

What Is OAuth

OAuth lets one app access your data in another without ever seeing your password. Learn how delegated access works, what tokens and scopes do, and why it matters.

Aug 20, 20246 min read
Concepts

What Is Authorization

Authorization decides what an already-verified identity is allowed to do. Learn how it differs from authentication, how permission checks work, and the models that power them.

Jul 23, 20246 min read
Web Security

Privilege Escalation in Web Applications: Attacks and Defenses

Privilege escalation vulnerabilities let attackers elevate their access level within an application. This guide covers both vertical and horizontal escalation techniques, real-world patterns, and concrete defenses.

Feb 5, 20247 min read
Web Security

Authorization Vulnerabilities: Prevention and Best Practices

Authorization flaws let authenticated users access resources and perform actions beyond their intended permissions. Learn the most common authorization vulnerabilities and how to build robust access control systems.

Oct 5, 20237 min read
Application Security

Broken Access Control: The Number One Web Vulnerability and How to Fix It

Access control moved to the top of the OWASP Top 10 in 2021. Here is why it is so hard to get right and what a solid authorization architecture looks like.

May 25, 20226 min read
authorization (Page 2) — Safeguard Blog