owasp
Safeguard articles tagged "owasp" — guides, analysis, and best practices for software supply chain and application security.
104 articles
Mass Assignment Vulnerability: How to Prevent It
Mass assignment lets attackers set fields you never meant to expose — like isAdmin or accountBalance — by adding them to a request body. Here is the fix.
Application Security FAQ: A 2026 Guide
Clear answers to common application security questions in 2026 — what AppSec covers, how SAST, DAST, and SCA differ, the role of the OWASP Top 10, and how to prioritize fixes.
What Is SSTI (Server-Side Template Injection)?
SSTI happens when user input is compiled as template code instead of rendered as data, often leading straight to remote code execution. Here is how to prevent it.
C# Secure Coding Guide: Patterns That Prevent Real Bugs
A hands-on C# secure coding guide covering input validation, safe APIs, path traversal, injection, and the language-level patterns that keep vulnerabilities out of your code.
What Is XXE (XML External Entity Injection)?
XXE abuses an XML parser's ability to load external entities to read local files, reach internal services, or knock a server offline. Here is how to stop it.
Application Security for Beginners: Where to Start Without Feeling Overwhelmed
Application security sounds intimidating, but the fundamentals are learnable in an afternoon. Here is a warm, practical introduction with a first hands-on step you can try today.
What Is IDOR (Insecure Direct Object Reference)?
IDOR lets an attacker swap an ID in a request and read or change data that belongs to someone else. Here is how it works and how to shut it down.
Web Application Security Standards overview
A breakdown of OWASP, NIST SSDF, and PCI DSS 4.0 web application security standards, where Veracode's scanning model covers them, and where supply-chain gaps remain.
Agentic AI Security Took Center Stage: The OWASP GenAI Summit at Infosecurity Europe 2026
OWASP's first dedicated GenAI Security Summit at Infosecurity Europe put agentic AI security front and center, unveiling an Agentic Research Council and a maturity framework. Here's what actually mattered.
How to prevent log injection vulnerabilities in Node.js
Log injection lets attackers forge log entries in Node.js apps via unsanitized input. Learn the sanitization, encoding, and structured-logging fixes that stop it.
10 React security best practices
Real CVEs, real npm supply chain hijacks, and the concrete React practices — from CSP to token storage — that actually stop them.
5 Node.js security code snippets every backend developer should know
Five real Node.js vulnerability patterns with vulnerable-vs-fixed code: prototype pollution, NoSQL injection, missing headers, path traversal, and JWT flaws.