owasp
Safeguard articles tagged "owasp" — guides, analysis, and best practices for software supply chain and application security.
104 articles
Serverless security implications from infra to OWASP
Serverless shrinks the OS attack surface but expands the IAM and dependency one. Here's how the OWASP Serverless Top 10 maps to real 2021-era incidents.
Mobile App Security Testing with OWASP MASVS in 2026
How to build a practical mobile app security testing program around OWASP MASVS 2.1, with the verification techniques that actually catch real issues.
OWASP Top 10 for LLM Applications, Explained
A practitioner's walkthrough of the OWASP Top 10 for LLM Applications: what each risk looks like in a real system, which ones bite first, and the mitigations that hold up.
cdxgen v12: Reachability Evidence Lands in SBOMs
OWASP's cdxgen v12 ships reachability evidence powered by atom, multi-BOM generation (SBOM, CBOM, SaaSBOM, OBOM, CDXA), and CycloneDX 1.7 as the default. We tested it on a Java monorepo.
What is Directory Traversal
Directory traversal (CWE-22) lets attackers use ../ sequences to read or write files outside a web app's root directory. Here's how it works.
What is Clickjacking
Clickjacking tricks users into clicking hidden UI via invisible iframes. Learn how it works, real incidents, key CVEs, and how to defend against it.
What is Session Hijacking
Session hijacking lets attackers seize an active, authenticated session and bypass passwords and MFA entirely. Here's how it works and how to stop it.
CycloneDX
CycloneDX is the OWASP-backed SBOM standard for tracking software components, vulnerabilities, and VEX statements. Here's what is CycloneDX and how it compares to SPDX.
Insecure deserialization attack
A precise breakdown of what is an insecure deserialization attack, how object injection and gadget chains work in Java and Python, and how to defend against them.
The OWASP Top 10 for Large Language Model Applications: A Field Guide
A working breakdown of the OWASP Top 10 for Large Language Model Applications — what each risk actually looks like in production and how teams are testing for it.
What Are Secure Coding Standards
Secure coding standards are enforceable rules — like OWASP and CERT — that stop specific CWEs before code ships. Here's what they cover and how to enforce them.
XML Parsing Security: XXE, Billion Laughs, and Beyond
XML's feature richness is its security weakness. XXE, entity expansion, and XSLT injection continue to plague applications that process XML.