Safeguard
Tag

owasp

Safeguard articles tagged "owasp" — guides, analysis, and best practices for software supply chain and application security.

104 articles

Vulnerabilities

SSRF Examples and How They're Actually Exploited

Real SSRF examples, from cloud metadata theft to internal port scanning, showing exactly how a server-side request forgery bug gets turned into a full compromise.

Jun 11, 20246 min read
Vulnerabilities

SQL Injection Examples: Classic and Modern Attack Patterns

Real SQL injection examples from classic login bypass to blind, time-based, and ORM-era attacks, plus how to test for each one safely.

Jun 4, 20246 min read
Vulnerabilities

What Is XSS? Cross-Site Scripting Full Form and Basics

XSS is short for cross-site scripting, a vulnerability that lets attackers run malicious scripts in a victim's browser. Here's how it works, its three main types, and how it's actually caught.

May 14, 20245 min read
Vulnerabilities

XSS Attack Explained: How Cross-Site Scripting Works

An XSS attack lets an attacker run their JavaScript in your users' browsers. Here is how cross-site scripting works, the three types, and how to stop it.

Mar 12, 20247 min read
Vulnerabilities

XXE Attacks Explained: XML External Entity Injection

How an XXE attack turns a trusting XML parser into a file-reading, request-forging liability, with a concrete Java example and the parser flags that shut it down.

Mar 12, 20246 min read
Application Security

Mobile Application Security Testing: Beyond the OWASP Mobile Top 10

Mobile apps have unique security challenges that web-focused tools miss entirely. Here is a practical testing methodology for iOS and Android.

Mar 8, 20246 min read
Code Security

XML External Entity (XXE) Prevention: Disabling the Features That Attack You

XXE attacks exploit XML parser features that most applications never need. Here is how to disable them across every major language and framework.

Feb 18, 20245 min read
Application Security

API Security Testing Against the OWASP API Top 10: A Hands-On Guide

APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.

Nov 5, 20237 min read
Code Security

Insecure Deserialization: Why Untrusted Data Should Never Become Objects

Deserialization vulnerabilities turn data into code execution. Here is how they work, which languages are most affected, and how to defend against them.

Oct 12, 20236 min read
AI Security

OWASP Top 10 for LLM Applications: A First Look

OWASP published its first Top 10 for LLM Applications on August 1, 2023. Here is what it covers, where it overreaches, and how to use it on real systems.

Sep 28, 20235 min read
AI Security

Securing LLM Applications: The OWASP Top 10 for Large Language Models

OWASP released its Top 10 for LLM Applications in August 2023, providing the first standardized framework for understanding and mitigating risks in AI-powered software.

Sep 25, 20235 min read
Application Security

API Security Through the Supply Chain Lens

APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.

Sep 12, 20237 min read
owasp (Page 8) — Safeguard Blog