owasp-top-10
Safeguard articles tagged "owasp-top-10" — guides, analysis, and best practices for software supply chain and application security.
71 articles
Building AppSec Training Programs That Actually Change Behavior
OWASP's 2021 Top 10 added Insecure Design as its largest category by CWE count, yet most developer training still teaches syntax, not decisions.
Log injection attacks and how to stop forging your own audit trail
One unsanitized turns a log line into two, and a critical Log4j flaw with a CVSS score of 10.0 turned a log message into remote code execution.
The OWASP Top 10:2025, explained with minimal fix-it code
OWASP reordered its Top 10 for 2025 — Broken Access Control is back at #1 and a new Mishandling of Exceptional Conditions category debuts at #10.
OWASP A10: Server-Side Request Forgery (SSRF) — A Deep-Dive Guide
Server-Side Request Forgery ranks #10 in the OWASP Top 10 (2021). A deep dive into cloud metadata theft, real CVEs like ProxyLogon, and how to stop SSRF in 2026.
AI Red Teaming vs. AI-SPM: Why You Need Both
OWASP's 2025 LLM Top 10 and MITRE ATLAS both treat adversarial testing and posture scanning as separate disciplines — most AI programs still run only one.
Broken access control in Express: the OWASP #1 risk, fixed with middleware
Broken access control now shows up in 100% of tested applications, per OWASP's 2025 Top 10 — up from 94% in 2021. Here's how to close it in Express.
OWASP Top 10 for LLM Applications: A Practical Walkthrough
OWASP's 2025 LLM Top 10 added three new categories in one revision — here's what changed, why, and concrete mitigation patterns for each risk.
OWASP A09: Security Logging and Monitoring Failures — A Deep-Dive Guide
Security Logging and Monitoring Failures rank #9 in the OWASP Top 10 (2021). A deep dive into undetected breaches, dwell time, real incidents, and how to fix it.
OWASP A08: Software and Data Integrity Failures — A Deep-Dive Guide
Software and Data Integrity Failures rank #8 in the OWASP Top 10 (2021). A deep dive into insecure deserialization, unsigned updates, SolarWinds, and real CVEs.
OWASP A07: Identification and Authentication Failures — A Deep-Dive Guide
Identification and Authentication Failures rank #7 in the OWASP Top 10 (2021). A deep dive into credential stuffing, session handling, real CVEs, and 2026 fixes.
OWASP A06: Vulnerable and Outdated Components — A Deep-Dive Guide
Vulnerable and Outdated Components rank #6 in the OWASP Top 10 (2021). A deep dive into transitive risk, real CVEs like Log4Shell, and how to fix it in 2026.
OWASP A05: Security Misconfiguration — A Deep-Dive Guide
Security Misconfiguration ranks #5 in the OWASP Top 10 (2021) and absorbed XXE. A deep dive into defaults, exposed services, real CVEs, and how to fix them.