owasp-top-10
Safeguard articles tagged "owasp-top-10" — guides, analysis, and best practices for software supply chain and application security.
71 articles
OWASP A03: Injection Explained — A Deep-Dive Guide
Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.
OWASP A04: Insecure Design — A Deep-Dive Guide
Insecure Design is a new OWASP Top 10 (2021) category at #4. A deep dive into design flaws vs implementation bugs, threat modeling, real cases, and prevention.
What is Insecure Deserialization? A Developer's Guide
Insecure deserialization turns a trusted data-loading routine into a remote code execution primitive. Learn how gadget chains work and how to deserialize untrusted data safely.
Cross-Site Scripting (XSS): A Prevention Guide
XSS lets an attacker run their JavaScript in your users' browsers — stealing sessions, rewriting pages, and pivoting to account takeover. This guide covers the three XSS types and the defenses that actually hold.
OWASP A01: Broken Access Control — A Deep-Dive Guide
Broken Access Control is the #1 OWASP Top 10 (2021) risk. A deep dive into IDOR, missing authorization, real CVEs, and how to detect and fix it in 2026.
OWASP A02: Cryptographic Failures — A Deep-Dive Guide
Cryptographic Failures rank #2 in the OWASP Top 10 (2021). A deep dive into weak algorithms, key management, real CVEs, and how to detect and fix them in 2026.
What is SSRF (Server-Side Request Forgery)?
Server-side request forgery tricks your own backend into making attacker-chosen requests — often against internal systems it should never reach. Here's how SSRF works and how to shut it down.
Application Security: The Complete Guide
What is application security? A concrete guide covering AppSec fundamentals, OWASP Top 10 risks, supply chain threats, and how Safeguard fills the gaps legacy tools like Veracode leave open.
OWASP Top 10 vulnerabilities explained
A breakdown of all 10 OWASP Top 10 categories with real CVEs (Log4Shell, Equifax, Heartbleed) mapped to each, and stats on which risks hit production most.
SQL injection cheat sheet: 8 best practices to prevent it
SQL injection still breaches Fortune 500s in 2026. Here are 8 concrete practices — from parameterized queries to reachability analysis — that actually stop it.
Preventing path traversal (directory traversal) attacks
Path traversal lets attackers read or write files outside a web app's directory using ../ sequences. Here's how it works and how to stop it.
Preventing open redirect vulnerabilities
Open redirect flaws turn trusted domains into phishing and OAuth-token-theft infrastructure. Here's how they work, how to find them, and how to fix them for good.