injection
Safeguard articles tagged "injection" — guides, analysis, and best practices for software supply chain and application security.
11 articles
The OWASP Top 10:2025, explained with minimal fix-it code
OWASP reordered its Top 10 for 2025 — Broken Access Control is back at #1 and a new Mishandling of Exceptional Conditions category debuts at #10.
How to Prevent Prototype Pollution in JavaScript
Prototype pollution turns a single crafted JSON key into process-wide corruption — and it has escalated to RCE in real Node.js apps. Here is how the attack works and four layers of defense that stop it.
JavaScript Security: The Common Pitfalls That Keep Burning Teams
The recurring JavaScript security mistakes that show up in real breaches — unsafe deserialization, injection sinks, prototype pollution, and trusting client input — each with vulnerable and fixed code.
OWASP A03: Injection Explained — A Deep-Dive Guide
Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.
Injection Path Detection: Griffin AI vs Mythos
Injection vulnerabilities are not really about the sink. They are about the path from untrusted input to the sink. The path is where Griffin AI and Mythos-class tools diverge.
SQL Injection Examples: Classic and Modern Attack Patterns
Real SQL injection examples from classic login bypass to blind, time-based, and ORM-era attacks, plus how to test for each one safely.
GraphQL Injection Prevention: Securing Your API Layer
GraphQL's flexible query language introduces injection risks that differ fundamentally from REST APIs. Preventing GraphQL injection requires understanding the query parser, resolver chain, and schema design.
XXE Attacks Explained: XML External Entity Injection
How an XXE attack turns a trusting XML parser into a file-reading, request-forging liability, with a concrete Java example and the parser flags that shut it down.
Environment Variable Injection in CI/CD Pipelines
Environment variables in CI/CD systems carry secrets, configuration, and control flow. When attackers can inject or modify them, everything breaks.
Makefile Injection Attacks: When Build Automation Becomes a Weapon
Makefiles execute shell commands by design. When those commands incorporate untrusted input, the results are predictably dangerous.
Environment Variable Injection in CI/CD: The Invisible Attack Surface
CI/CD pipelines trust environment variables implicitly. Injecting or modifying them can hijack builds, steal secrets, and compromise deployments.