owasp
Safeguard articles tagged "owasp" — guides, analysis, and best practices for software supply chain and application security.
104 articles
Server-Side Request Forgery (SSRF): The Vulnerability That Unlocks Cloud Metadata
SSRF lets attackers reach internal services through your application. In cloud environments, that often means access to instance metadata and IAM credentials.
Modern Command Injection Prevention: Beyond the Basics
Command injection remains in the OWASP Top 10 because developers keep making the same mistakes with new tools. Here is a modern prevention guide covering containers, serverless, and CI/CD.
Cross-Site Scripting (XSS) Prevention: Context-Aware Encoding and Modern Defenses
XSS remains a top web vulnerability because output encoding is context-dependent. Here is how to get it right across HTML, JavaScript, URL, and CSS contexts.
Sensitive Data Exposure Prevention: Protecting Data at Rest, in Transit, and in Use
Data exposure is not just about encryption. It is about knowing where your sensitive data lives, how it moves, and who can access it at every stage.
SQL Injection Prevention in 2022: Why It Still Happens and How to Stop It
SQL injection has been the top web vulnerability for over two decades. Modern frameworks help, but they do not make it impossible. Here is what still goes wrong.
Security Misconfiguration Checklist: The Low-Hanging Fruit Attackers Love
Misconfigurations are the easiest vulnerabilities to find and exploit. Here is a practical checklist for web servers, frameworks, cloud services, and databases.
The OWASP Top 10 (2021) Through a Supply Chain Security Lens
The 2021 OWASP Top 10 added supply chain risks for the first time. Here is what each category means when your code is mostly someone else's code.
Broken Access Control: The Number One Web Vulnerability and How to Fix It
Access control moved to the top of the OWASP Top 10 in 2021. Here is why it is so hard to get right and what a solid authorization architecture looks like.