owasp-vulnerabilities
Safeguard articles tagged "owasp-vulnerabilities" — guides, analysis, and best practices for software supply chain and application security.
5 articles
PHP Vulnerability Classes and Common Fixes
The recurring php vulnerability classes — SQL injection, file inclusion, deserialization, and type-juggling bugs — and the specific fixes that close each one.
XXE Examples: Annotated Payloads and Fixes
Concrete xxe examples showing how a malicious external entity reference reads local files or reaches internal services through an XML parser, and the config change that closes it.
Data Vulnerability Classes in Modern Applications
Most breaches trace back to a handful of recurring data vulnerability patterns — from unencrypted storage to broken access checks. Here's how to categorize and prioritize them.
Password Security Storage: Hashing Done Right
Password security storage still gets built wrong in 2024 — here's what a correct implementation looks like, from algorithm choice to salt handling to migration.
Application Vulnerabilities: The Common Classes Explained
Injection, broken access control, and misconfiguration account for most real-world breaches. Here's a plain map of the classes that matter and how each one is actually exploited.