Safeguard
Tag

injection

Safeguard articles tagged "injection" — guides, analysis, and best practices for software supply chain and application security.

11 articles

Application Security

The OWASP Top 10:2025, explained with minimal fix-it code

OWASP reordered its Top 10 for 2025 — Broken Access Control is back at #1 and a new Mishandling of Exceptional Conditions category debuts at #10.

Jul 15, 20269 min read
Security Guides

How to Prevent Prototype Pollution in JavaScript

Prototype pollution turns a single crafted JSON key into process-wide corruption — and it has escalated to RCE in real Node.js apps. Here is how the attack works and four layers of defense that stop it.

Jul 4, 20265 min read
Security Guides

JavaScript Security: The Common Pitfalls That Keep Burning Teams

The recurring JavaScript security mistakes that show up in real breaches — unsafe deserialization, injection sinks, prototype pollution, and trusting client input — each with vulnerable and fixed code.

Jul 2, 20265 min read
Security Guides

OWASP A03: Injection Explained — A Deep-Dive Guide

Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.

Jul 2, 20266 min read
AI Security

Injection Path Detection: Griffin AI vs Mythos

Injection vulnerabilities are not really about the sink. They are about the path from untrusted input to the sink. The path is where Griffin AI and Mythos-class tools diverge.

Feb 27, 20265 min read
Vulnerabilities

SQL Injection Examples: Classic and Modern Attack Patterns

Real SQL injection examples from classic login bypass to blind, time-based, and ORM-era attacks, plus how to test for each one safely.

Jun 4, 20246 min read
Application Security

GraphQL Injection Prevention: Securing Your API Layer

GraphQL's flexible query language introduces injection risks that differ fundamentally from REST APIs. Preventing GraphQL injection requires understanding the query parser, resolver chain, and schema design.

May 5, 20247 min read
Vulnerabilities

XXE Attacks Explained: XML External Entity Injection

How an XXE attack turns a trusting XML parser into a file-reading, request-forging liability, with a concrete Java example and the parser flags that shut it down.

Mar 12, 20246 min read
DevSecOps

Environment Variable Injection in CI/CD Pipelines

Environment variables in CI/CD systems carry secrets, configuration, and control flow. When attackers can inject or modify them, everything breaks.

May 8, 20234 min read
DevSecOps

Makefile Injection Attacks: When Build Automation Becomes a Weapon

Makefiles execute shell commands by design. When those commands incorporate untrusted input, the results are predictably dangerous.

Oct 30, 20224 min read
DevSecOps

Environment Variable Injection in CI/CD: The Invisible Attack Surface

CI/CD pipelines trust environment variables implicitly. Injecting or modifying them can hijack builds, steal secrets, and compromise deployments.

Jun 20, 20224 min read
injection — Safeguard Blog