owasp
Safeguard articles tagged "owasp" — guides, analysis, and best practices for software supply chain and application security.
104 articles
SSRF Examples and How They're Actually Exploited
Real SSRF examples, from cloud metadata theft to internal port scanning, showing exactly how a server-side request forgery bug gets turned into a full compromise.
SQL Injection Examples: Classic and Modern Attack Patterns
Real SQL injection examples from classic login bypass to blind, time-based, and ORM-era attacks, plus how to test for each one safely.
What Is XSS? Cross-Site Scripting Full Form and Basics
XSS is short for cross-site scripting, a vulnerability that lets attackers run malicious scripts in a victim's browser. Here's how it works, its three main types, and how it's actually caught.
XSS Attack Explained: How Cross-Site Scripting Works
An XSS attack lets an attacker run their JavaScript in your users' browsers. Here is how cross-site scripting works, the three types, and how to stop it.
XXE Attacks Explained: XML External Entity Injection
How an XXE attack turns a trusting XML parser into a file-reading, request-forging liability, with a concrete Java example and the parser flags that shut it down.
Mobile Application Security Testing: Beyond the OWASP Mobile Top 10
Mobile apps have unique security challenges that web-focused tools miss entirely. Here is a practical testing methodology for iOS and Android.
XML External Entity (XXE) Prevention: Disabling the Features That Attack You
XXE attacks exploit XML parser features that most applications never need. Here is how to disable them across every major language and framework.
API Security Testing Against the OWASP API Top 10: A Hands-On Guide
APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.
Insecure Deserialization: Why Untrusted Data Should Never Become Objects
Deserialization vulnerabilities turn data into code execution. Here is how they work, which languages are most affected, and how to defend against them.
OWASP Top 10 for LLM Applications: A First Look
OWASP published its first Top 10 for LLM Applications on August 1, 2023. Here is what it covers, where it overreaches, and how to use it on real systems.
Securing LLM Applications: The OWASP Top 10 for Large Language Models
OWASP released its Top 10 for LLM Applications in August 2023, providing the first standardized framework for understanding and mitigating risks in AI-powered software.
API Security Through the Supply Chain Lens
APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.