Safeguard
Tag

middleware

Safeguard articles tagged "middleware" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Application Security

Broken access control in Express: the OWASP #1 risk, fixed with middleware

Broken access control now shows up in 100% of tested applications, per OWASP's 2025 Top 10 — up from 94% in 2021. Here's how to close it in Express.

Jul 8, 20266 min read
Security Guides

Next.js Security Best Practices: Middleware, Server Components, and Secrets

CVE-2025-29927 let attackers skip Next.js middleware with a single header. Here is where App Router security actually breaks and how to lock it down.

Jul 1, 20266 min read
Application Security

Securing Next.js applications and middleware

CVE-2025-29927 let attackers bypass Next.js middleware auth with one header. Here's how that and three other real CVEs expose middleware, Server Actions, and caching.

May 24, 20267 min read
Cloud Security

Vercel Edge Functions supply chain risks in 2026

Edge Functions, middleware, and Edge Config combine npm trust, build-step trust, and a secret surface that runs at every request. Here is the 2026 control set.

May 13, 20267 min read
Vulnerability Analysis

Next.js Middleware Authorization Bypass: CVE-2025-29927

A critical flaw in Next.js allowed attackers to bypass middleware-based authorization by setting a single HTTP header. Applications relying on middleware for auth checks were completely exposed.

Mar 21, 20255 min read
Best Practices

Express.js Security Middleware: An Audit

Express remains the default Node.js framework at most shops, and its middleware ecosystem is a thirteen-year accumulation of packages, some abandoned, some indispensable. This is a pragmatic audit of what belongs in a 2023 Express stack.

Nov 15, 20236 min read
SBOM

SBOM for the Gaming Industry: Why Game Studios Need Software Transparency

Game studios ship millions of lines of code with complex dependency chains across engines, middleware, and third-party SDKs. SBOMs are not just a compliance tool — they are an operational necessity.

Sep 20, 20235 min read
middleware — Safeguard Blog