middleware
Safeguard articles tagged "middleware" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Broken access control in Express: the OWASP #1 risk, fixed with middleware
Broken access control now shows up in 100% of tested applications, per OWASP's 2025 Top 10 — up from 94% in 2021. Here's how to close it in Express.
Next.js Security Best Practices: Middleware, Server Components, and Secrets
CVE-2025-29927 let attackers skip Next.js middleware with a single header. Here is where App Router security actually breaks and how to lock it down.
Securing Next.js applications and middleware
CVE-2025-29927 let attackers bypass Next.js middleware auth with one header. Here's how that and three other real CVEs expose middleware, Server Actions, and caching.
Vercel Edge Functions supply chain risks in 2026
Edge Functions, middleware, and Edge Config combine npm trust, build-step trust, and a secret surface that runs at every request. Here is the 2026 control set.
Next.js Middleware Authorization Bypass: CVE-2025-29927
A critical flaw in Next.js allowed attackers to bypass middleware-based authorization by setting a single HTTP header. Applications relying on middleware for auth checks were completely exposed.
Express.js Security Middleware: An Audit
Express remains the default Node.js framework at most shops, and its middleware ecosystem is a thirteen-year accumulation of packages, some abandoned, some indispensable. This is a pragmatic audit of what belongs in a 2023 Express stack.
SBOM for the Gaming Industry: Why Game Studios Need Software Transparency
Game studios ship millions of lines of code with complex dependency chains across engines, middleware, and third-party SDKs. SBOMs are not just a compliance tool — they are an operational necessity.