Safeguard
Tag

owasp-top-10

Safeguard articles tagged "owasp-top-10" — guides, analysis, and best practices for software supply chain and application security.

71 articles

Security Guides

OWASP A03: Injection Explained — A Deep-Dive Guide

Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.

Jul 2, 20266 min read
Security Guides

OWASP A04: Insecure Design — A Deep-Dive Guide

Insecure Design is a new OWASP Top 10 (2021) category at #4. A deep dive into design flaws vs implementation bugs, threat modeling, real cases, and prevention.

Jul 2, 20267 min read
Vulnerability Guides

What is Insecure Deserialization? A Developer's Guide

Insecure deserialization turns a trusted data-loading routine into a remote code execution primitive. Learn how gadget chains work and how to deserialize untrusted data safely.

Jul 2, 20265 min read
Vulnerability Guides

Cross-Site Scripting (XSS): A Prevention Guide

XSS lets an attacker run their JavaScript in your users' browsers — stealing sessions, rewriting pages, and pivoting to account takeover. This guide covers the three XSS types and the defenses that actually hold.

Jul 1, 20265 min read
Security Guides

OWASP A01: Broken Access Control — A Deep-Dive Guide

Broken Access Control is the #1 OWASP Top 10 (2021) risk. A deep dive into IDOR, missing authorization, real CVEs, and how to detect and fix it in 2026.

Jul 1, 20267 min read
Security Guides

OWASP A02: Cryptographic Failures — A Deep-Dive Guide

Cryptographic Failures rank #2 in the OWASP Top 10 (2021). A deep dive into weak algorithms, key management, real CVEs, and how to detect and fix them in 2026.

Jul 1, 20266 min read
Vulnerability Guides

What is SSRF (Server-Side Request Forgery)?

Server-side request forgery tricks your own backend into making attacker-chosen requests — often against internal systems it should never reach. Here's how SSRF works and how to shut it down.

Jul 1, 20265 min read
Application Security

Application Security: The Complete Guide

What is application security? A concrete guide covering AppSec fundamentals, OWASP Top 10 risks, supply chain threats, and how Safeguard fills the gaps legacy tools like Veracode leave open.

Jun 21, 202612 min read
Application Security

OWASP Top 10 vulnerabilities explained

A breakdown of all 10 OWASP Top 10 categories with real CVEs (Log4Shell, Equifax, Heartbleed) mapped to each, and stats on which risks hit production most.

Jun 4, 20266 min read
Application Security

SQL injection cheat sheet: 8 best practices to prevent it

SQL injection still breaches Fortune 500s in 2026. Here are 8 concrete practices — from parameterized queries to reachability analysis — that actually stop it.

May 31, 20267 min read
Application Security

Preventing path traversal (directory traversal) attacks

Path traversal lets attackers read or write files outside a web app's directory using ../ sequences. Here's how it works and how to stop it.

May 29, 20267 min read
Application Security

Preventing open redirect vulnerabilities

Open redirect flaws turn trusted domains into phishing and OAuth-token-theft infrastructure. Here's how they work, how to find them, and how to fix them for good.

May 28, 20267 min read
owasp-top-10 (Page 2) — Safeguard Blog