Safeguard
Tag

secure-coding

Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.

129 articles

Open Source Security

The Hidden Risk of Copy-Pasted Code Snippets from Forums ...

Copy-pasted code from Stack Overflow and AI chats often ships with hidden vulnerabilities. Here's the data behind the risk, real breaches it caused, and how to catch it.

Aug 10, 20258 min read
AI Security

Model Training Data and the Propagation of Insecure Codin...

LLM coding assistants inherit insecure patterns from their training data — from SQLi-prone snippets to hallucinated packages attackers exploit. Here's how the risk propagates.

Aug 7, 20258 min read
Industry Analysis

How AI Code Generation Is Changing the Shape of the OWASP...

AI coding assistants are quietly reshuffling the OWASP Top Ten, elevating software supply chain risk and reviving old injection bugs at machine speed.

Aug 6, 20257 min read
DevSecOps

Why Security Training Completion Rates Don't Predict Secu...

Completion rates measure attendance, not behavior. Here's why training checkboxes don't predict secure coding outcomes, and what to measure instead.

Jul 19, 20257 min read
DevSecOps

Gamification of Secure Coding: Does It Change Long-Term B...

Gamified secure coding training boosts engagement fast — but does it change what developers ship six months later? Here's what the data actually shows.

Jul 17, 20257 min read
AppSec

Blind SQL Injection: A Practical Cheat Sheet

This blind sql injection cheat sheet covers how boolean-based and time-based blind attacks actually work, why they succeed against apps with no visible error output, and how to close them off.

Jun 27, 20256 min read
AppSec

Encryption Algorithms in Java: A Practical Overview

Java ships a wide menu of encryption algorithms through its Java Cryptography Architecture, but picking the wrong mode or a deprecated cipher is one of the most common security findings in Java codebases.

Jun 9, 20256 min read
Dev Practices

Dependency Injection in JavaScript: Security Notes

Dependency injection in JavaScript makes code testable and modular, but the same indirection that helps design can hide security bugs if you're not careful about what gets injected.

May 14, 20256 min read
AppSec

Code Injection in Python: How It Happens and How to Prevent It

Code injection python vulnerabilities almost always trace back to eval, exec, or a template engine handed untrusted input; here is how the attack works and how to close it off.

May 14, 20256 min read
Culture

OWASP Training: How to Actually Run It for a Dev Team

OWASP training only sticks when it's tied to the vulnerabilities your own codebase actually has, not a generic slide deck run once a year.

May 6, 20255 min read
DevSecOps

Application Development Security: Building It Into the SDLC

Application development security only works when it's built into the software development lifecycle from the first commit, not bolted on before a release deadline.

May 6, 20255 min read
Vulnerabilities

SQL Injection Prevention Cheat Sheet

A practitioner's SQL injection cheatsheet: parameterized queries, safe ORM use, input validation, least privilege, and the exact patterns to ban in review.

Apr 22, 20256 min read
secure-coding (Page 10) — Safeguard Blog