Safeguard
Tag

owasp-top-10

Safeguard articles tagged "owasp-top-10" — guides, analysis, and best practices for software supply chain and application security.

71 articles

DevSecOps

Building AppSec Training Programs That Actually Change Behavior

OWASP's 2021 Top 10 added Insecure Design as its largest category by CWE count, yet most developer training still teaches syntax, not decisions.

Jul 15, 20266 min read
Application Security

Log injection attacks and how to stop forging your own audit trail

One unsanitized turns a log line into two, and a critical Log4j flaw with a CVSS score of 10.0 turned a log message into remote code execution.

Jul 15, 20265 min read
Application Security

The OWASP Top 10:2025, explained with minimal fix-it code

OWASP reordered its Top 10 for 2025 — Broken Access Control is back at #1 and a new Mishandling of Exceptional Conditions category debuts at #10.

Jul 15, 20269 min read
Security Guides

OWASP A10: Server-Side Request Forgery (SSRF) — A Deep-Dive Guide

Server-Side Request Forgery ranks #10 in the OWASP Top 10 (2021). A deep dive into cloud metadata theft, real CVEs like ProxyLogon, and how to stop SSRF in 2026.

Jul 8, 20267 min read
AI Security

AI Red Teaming vs. AI-SPM: Why You Need Both

OWASP's 2025 LLM Top 10 and MITRE ATLAS both treat adversarial testing and posture scanning as separate disciplines — most AI programs still run only one.

Jul 8, 20265 min read
Application Security

Broken access control in Express: the OWASP #1 risk, fixed with middleware

Broken access control now shows up in 100% of tested applications, per OWASP's 2025 Top 10 — up from 94% in 2021. Here's how to close it in Express.

Jul 8, 20266 min read
AI Security

OWASP Top 10 for LLM Applications: A Practical Walkthrough

OWASP's 2025 LLM Top 10 added three new categories in one revision — here's what changed, why, and concrete mitigation patterns for each risk.

Jul 8, 20267 min read
Security Guides

OWASP A09: Security Logging and Monitoring Failures — A Deep-Dive Guide

Security Logging and Monitoring Failures rank #9 in the OWASP Top 10 (2021). A deep dive into undetected breaches, dwell time, real incidents, and how to fix it.

Jul 7, 20267 min read
Security Guides

OWASP A08: Software and Data Integrity Failures — A Deep-Dive Guide

Software and Data Integrity Failures rank #8 in the OWASP Top 10 (2021). A deep dive into insecure deserialization, unsigned updates, SolarWinds, and real CVEs.

Jul 6, 20267 min read
Security Guides

OWASP A07: Identification and Authentication Failures — A Deep-Dive Guide

Identification and Authentication Failures rank #7 in the OWASP Top 10 (2021). A deep dive into credential stuffing, session handling, real CVEs, and 2026 fixes.

Jul 5, 20266 min read
Security Guides

OWASP A06: Vulnerable and Outdated Components — A Deep-Dive Guide

Vulnerable and Outdated Components rank #6 in the OWASP Top 10 (2021). A deep dive into transitive risk, real CVEs like Log4Shell, and how to fix it in 2026.

Jul 4, 20266 min read
Security Guides

OWASP A05: Security Misconfiguration — A Deep-Dive Guide

Security Misconfiguration ranks #5 in the OWASP Top 10 (2021) and absorbed XXE. A deep dive into defaults, exposed services, real CVEs, and how to fix them.

Jul 3, 20266 min read
owasp-top-10 — Safeguard Blog