fastapi
Safeguard articles tagged "fastapi" — guides, analysis, and best practices for software supply chain and application security.
8 articles
Dependency injection in Python: a guide to testability and security boundaries
FastAPI shipped a built-in DI container in its very first release in December 2018 — but the same swappability that makes DI testable can quietly ship a mock into production.
ReDoS in Python and FastAPI: how one regex takes down an event loop
CVE-2024-3772 let a single crafted email string trigger catastrophic backtracking in Pydantic's own validator — the exact code path every FastAPI request body runs through.
FastAPI Security Best Practices: A 2026 Guide
FastAPI's type system catches a whole class of bugs for free, but async I/O, JWT handling, and dependency injection introduce risks that Pydantic will not save you from.
Reachability Analysis for Python and pip in 2026
Python reachability is hard but useful: dynamic dispatch, monkey-patching, optional extras, and how modern tools handle real Django and FastAPI services.
Common OAuth2 and JWT implementation mistakes in FastAPI ...
A practical walkthrough of the FastAPI JWT security mistakes that lead to broken authentication, plus concrete fixes for OAuth2 flows and token validation.
FastAPI Authentication Best Practices in 2026
Practical, opinionated guidance on authentication in FastAPI: token formats, dependency patterns, refresh flows, and the mistakes we still see in production code reviews.
FastAPI Supply Chain Security: A Working Guide
FastAPI's dependency surface is deceptively large. Here is how to lock it down in practice, covering Starlette, Pydantic, Uvicorn, and the plugins you likely missed.
FastAPI Security Best Practices
Securing FastAPI applications with Pydantic validation, OAuth2 integration, and dependency injection patterns.