Safeguard
Tag

owasp

Safeguard articles tagged "owasp" — guides, analysis, and best practices for software supply chain and application security.

104 articles

AppSec

Application Layer Security: What It Covers (and What It Doesn't)

Application layer security protects the code, logic, and APIs at the top of the OSI stack, but it's easy to confuse it with network or infrastructure security controls that solve a different problem.

Jun 25, 20255 min read
AppSec

Serialization vs. Deserialization in Java: Security Implications

The difference between serialization and deserialization in Java is simple to state and dangerous to get wrong — deserialization of untrusted data has caused some of the highest-severity Java CVEs of the last decade.

Jun 10, 20256 min read
Regulatory Compliance

OWASP ASVS 5.0 Adoption Guide

OWASP ASVS 5.0 restructured the verification levels and added new requirements for modern stacks. A practical adoption guide for teams using ASVS as their security baseline.

Jun 3, 20256 min read
Culture

OWASP Webinars and Training Resources Worth Your Time

Most application security teams already know OWASP by reputation but rarely tap its live training — here's which formats are worth blocking calendar time for.

May 22, 20255 min read
Frameworks

OWASP LLM Top 10 2025: System Prompt Leakage and Vector Weaknesses

The OWASP Top 10 for LLM Applications 2025 added System Prompt Leakage and Vector/Embedding Weaknesses, and elevated Sensitive Information Disclosure to #2. Here is the defender view.

Apr 22, 20257 min read
AppSec

Secure Code Review: A Practical Checklist

Secure code reviews catch a different category of bug than functional code review, and having a repeatable checklist keeps reviewers from relying on memory for the same handful of recurring flaws.

Apr 9, 20255 min read
AppSec

Unrestricted File Upload Vulnerabilities: Risks and Fixes

An unrestricted file upload vulnerability lets an attacker place a working web shell on your server through a form that was only ever supposed to accept profile pictures or PDFs.

Feb 11, 20256 min read
Vulnerabilities

SSRF Attacks: How Server-Side Request Forgery Works

SSRF tricks a server into making requests an attacker controls — reaching internal services, cloud metadata endpoints, and data no external user should touch. Here is how it works and how to stop it.

Sep 17, 20246 min read
Vulnerabilities

SQL Injection: How It Works and How It's Actually Tested

A defender's walkthrough of how SQL injection works and how security testers actually verify it in a controlled, authorized assessment — not a how-to-attack guide.

Sep 4, 20245 min read
Vulnerabilities

A CSRF Example: Full Attack Walkthrough

A concrete csrf example — a bank transfer form with no anti-forgery token — showing exactly how a forged request rides in on a victim's session and what stops it.

Sep 3, 20245 min read
Vulnerabilities

XSS Scripting Attacks: A Refresher for Engineers

XSS scripting attacks still make the OWASP Top 10 more than two decades after they were first documented, mostly because the fix is context-dependent and easy to get almost-right.

Aug 21, 20245 min read
Security Concepts

What Is CWE? The Common Weakness Enumeration Explained

CWE catalogs the underlying software weakness behind a vulnerability, not the specific instance of it — here's how it relates to CVE and why scanners tag findings with a CWE ID.

Aug 6, 20245 min read
owasp (Page 7) — Safeguard Blog