Safeguard
Tag

owasp-top-10

Safeguard articles tagged "owasp-top-10" — guides, analysis, and best practices for software supply chain and application security.

71 articles

Vulnerability Analysis

Broken access control explained

Broken access control has topped OWASP's Top 10 since 2021. See real breaches, common patterns like IDOR, and how to detect and fix them.

Dec 9, 20257 min read
Vulnerability Analysis

CRLF injection and HTTP response splitting explained

CRLF injection lets attackers forge HTTP headers and split responses. Here's how it works, real CVEs behind it, and how to detect and stop it.

Dec 6, 20257 min read
Vulnerability Analysis

Sensitive data exposure in application logs explained

Passwords, tokens, and PII often end up readable in plaintext logs. Here's how CWE-532 exposures happen, real breaches they caused, and how to fix them.

Dec 1, 20257 min read
Vulnerabilities

App Vulnerability Classes: A Field Guide

Not every app vulnerability behaves the same way — this field guide groups the common web vulnerabilities by root cause so triage and prevention actually map to something repeatable.

Nov 6, 20255 min read
Industry Analysis

Broken Authentication in API Endpoints

Broken authentication in API endpoints drove breaches at T-Mobile, Optus, and Peloton. Here's why it keeps happening and how to catch it before attackers do.

Nov 5, 20257 min read
Industry Analysis

SQL Injection Prevention in PHP with Parameterized Queries

Parameterized queries stop SQL injection in PHP by separating code from data. Here's how PDO and MySQLi prepared statements work, and where they still fail.

Oct 26, 20258 min read
Industry Analysis

XXE Prevention in Java: Hardening DocumentBuilderFactory

Java's DocumentBuilderFactory parses XML with external entities on by default, turning XML uploads into file-read and SSRF vectors. Here is how to lock it down.

Oct 22, 20258 min read
AppSec

The OWASP Top 10 API Security Risks, Explained

The OWASP Top 10 API Security Risks reorder the classic web vulnerability list around how APIs actually get broken — object-level authorization failures beat injection as the most common real-world root cause.

Sep 9, 20256 min read
Vulnerabilities

Java Vulnerability Classes: A Reference List

A java vulnerability list organized by class — deserialization, injection, XXE, and the rest — because Java's ecosystem produces a specific, recurring set of vulnerability patterns worth knowing by name.

Feb 11, 20255 min read
Security Concepts

CWE Full Form: How the Common Weakness Enumeration Works

CWE stands for Common Weakness Enumeration — a community catalog of software and hardware weakness types. Here is what CWE means, how it differs from CVE, and how to use it.

Nov 19, 20246 min read
Security Concepts

OWASP 10 vs OWASP Top 10: Clearing Up the Confusion

"OWASP 10" isn't a separate standard — it's shorthand people search for the OWASP Top 10, and the confusion usually starts with which Top 10 they actually mean.

Aug 19, 20245 min read
owasp-top-10 (Page 6) — Safeguard Blog