Safeguard
Tag

owasp

Safeguard articles tagged "owasp" — guides, analysis, and best practices for software supply chain and application security.

104 articles

Application Security

Serverless security implications from infra to OWASP

Serverless shrinks the OS attack surface but expands the IAM and dependency one. Here's how the OWASP Serverless Top 10 maps to real 2021-era incidents.

Apr 27, 20266 min read
Mobile Security

Mobile App Security Testing with OWASP MASVS in 2026

How to build a practical mobile app security testing program around OWASP MASVS 2.1, with the verification techniques that actually catch real issues.

Apr 25, 20266 min read
AI Security

OWASP Top 10 for LLM Applications, Explained

A practitioner's walkthrough of the OWASP Top 10 for LLM Applications: what each risk looks like in a real system, which ones bite first, and the mitigations that hold up.

Apr 9, 20266 min read
Tools

cdxgen v12: Reachability Evidence Lands in SBOMs

OWASP's cdxgen v12 ships reachability evidence powered by atom, multi-BOM generation (SBOM, CBOM, SaaSBOM, OBOM, CDXA), and CycloneDX 1.7 as the default. We tested it on a Java monorepo.

Apr 9, 20266 min read
Vulnerability Analysis

What is Directory Traversal

Directory traversal (CWE-22) lets attackers use ../ sequences to read or write files outside a web app's root directory. Here's how it works.

Mar 30, 20267 min read
Vulnerability Analysis

What is Clickjacking

Clickjacking tricks users into clicking hidden UI via invisible iframes. Learn how it works, real incidents, key CVEs, and how to defend against it.

Mar 27, 20266 min read
Vulnerability Analysis

What is Session Hijacking

Session hijacking lets attackers seize an active, authenticated session and bypass passwords and MFA entirely. Here's how it works and how to stop it.

Mar 26, 20267 min read
Software Supply Chain Security

CycloneDX

CycloneDX is the OWASP-backed SBOM standard for tracking software components, vulnerabilities, and VEX statements. Here's what is CycloneDX and how it compares to SPDX.

Mar 3, 20267 min read
Industry Analysis

Insecure deserialization attack

A precise breakdown of what is an insecure deserialization attack, how object injection and gadget chains work in Java and Python, and how to defend against them.

Feb 25, 20267 min read
AI Security

The OWASP Top 10 for Large Language Model Applications: A Field Guide

A working breakdown of the OWASP Top 10 for Large Language Model Applications — what each risk actually looks like in production and how teams are testing for it.

Feb 14, 20267 min read
Application Security

What Are Secure Coding Standards

Secure coding standards are enforceable rules — like OWASP and CERT — that stop specific CWEs before code ships. Here's what they cover and how to enforce them.

Jan 29, 20267 min read
Application Security

XML Parsing Security: XXE, Billion Laughs, and Beyond

XML's feature richness is its security weakness. XXE, entity expansion, and XSLT injection continue to plague applications that process XML.

Jan 12, 20264 min read
owasp (Page 5) — Safeguard Blog