Safeguard
Tag

owasp

Safeguard articles tagged "owasp" — guides, analysis, and best practices for software supply chain and application security.

104 articles

Vulnerability Guides

Mass Assignment Vulnerability: How to Prevent It

Mass assignment lets attackers set fields you never meant to expose — like isAdmin or accountBalance — by adding them to a request body. Here is the fix.

Jul 2, 20265 min read
FAQ

Application Security FAQ: A 2026 Guide

Clear answers to common application security questions in 2026 — what AppSec covers, how SAST, DAST, and SCA differ, the role of the OWASP Top 10, and how to prioritize fixes.

Jul 2, 20266 min read
Vulnerability Guides

What Is SSTI (Server-Side Template Injection)?

SSTI happens when user input is compiled as template code instead of rendered as data, often leading straight to remote code execution. Here is how to prevent it.

Jul 2, 20265 min read
Security Guides

C# Secure Coding Guide: Patterns That Prevent Real Bugs

A hands-on C# secure coding guide covering input validation, safe APIs, path traversal, injection, and the language-level patterns that keep vulnerabilities out of your code.

Jul 1, 20266 min read
Vulnerability Guides

What Is XXE (XML External Entity Injection)?

XXE abuses an XML parser's ability to load external entities to read local files, reach internal services, or knock a server offline. Here is how to stop it.

Jul 1, 20265 min read
Guides

Application Security for Beginners: Where to Start Without Feeling Overwhelmed

Application security sounds intimidating, but the fundamentals are learnable in an afternoon. Here is a warm, practical introduction with a first hands-on step you can try today.

Jul 1, 20266 min read
Vulnerability Guides

What Is IDOR (Insecure Direct Object Reference)?

IDOR lets an attacker swap an ID in a request and read or change data that belongs to someone else. Here is how it works and how to shut it down.

Jul 1, 20266 min read
Application Security

Web Application Security Standards overview

A breakdown of OWASP, NIST SSDF, and PCI DSS 4.0 web application security standards, where Veracode's scanning model covers them, and where supply-chain gaps remain.

Jun 20, 20267 min read
Industry Events

Agentic AI Security Took Center Stage: The OWASP GenAI Summit at Infosecurity Europe 2026

OWASP's first dedicated GenAI Security Summit at Infosecurity Europe put agentic AI security front and center, unveiling an Agentic Research Council and a maturity framework. Here's what actually mattered.

Jun 6, 20267 min read
Application Security

How to prevent log injection vulnerabilities in Node.js

Log injection lets attackers forge log entries in Node.js apps via unsanitized input. Learn the sanitization, encoding, and structured-logging fixes that stop it.

May 29, 20266 min read
Application Security

10 React security best practices

Real CVEs, real npm supply chain hijacks, and the concrete React practices — from CSP to token storage — that actually stop them.

May 26, 20268 min read
Application Security

5 Node.js security code snippets every backend developer should know

Five real Node.js vulnerability patterns with vulnerable-vs-fixed code: prototype pollution, NoSQL injection, missing headers, path traversal, and JWT flaws.

May 24, 20268 min read
owasp (Page 4) — Safeguard Blog