secure-coding
Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.
129 articles
The Hidden Risk of Copy-Pasted Code Snippets from Forums ...
Copy-pasted code from Stack Overflow and AI chats often ships with hidden vulnerabilities. Here's the data behind the risk, real breaches it caused, and how to catch it.
Model Training Data and the Propagation of Insecure Codin...
LLM coding assistants inherit insecure patterns from their training data — from SQLi-prone snippets to hallucinated packages attackers exploit. Here's how the risk propagates.
How AI Code Generation Is Changing the Shape of the OWASP...
AI coding assistants are quietly reshuffling the OWASP Top Ten, elevating software supply chain risk and reviving old injection bugs at machine speed.
Why Security Training Completion Rates Don't Predict Secu...
Completion rates measure attendance, not behavior. Here's why training checkboxes don't predict secure coding outcomes, and what to measure instead.
Gamification of Secure Coding: Does It Change Long-Term B...
Gamified secure coding training boosts engagement fast — but does it change what developers ship six months later? Here's what the data actually shows.
Blind SQL Injection: A Practical Cheat Sheet
This blind sql injection cheat sheet covers how boolean-based and time-based blind attacks actually work, why they succeed against apps with no visible error output, and how to close them off.
Encryption Algorithms in Java: A Practical Overview
Java ships a wide menu of encryption algorithms through its Java Cryptography Architecture, but picking the wrong mode or a deprecated cipher is one of the most common security findings in Java codebases.
Dependency Injection in JavaScript: Security Notes
Dependency injection in JavaScript makes code testable and modular, but the same indirection that helps design can hide security bugs if you're not careful about what gets injected.
Code Injection in Python: How It Happens and How to Prevent It
Code injection python vulnerabilities almost always trace back to eval, exec, or a template engine handed untrusted input; here is how the attack works and how to close it off.
OWASP Training: How to Actually Run It for a Dev Team
OWASP training only sticks when it's tied to the vulnerabilities your own codebase actually has, not a generic slide deck run once a year.
Application Development Security: Building It Into the SDLC
Application development security only works when it's built into the software development lifecycle from the first commit, not bolted on before a release deadline.
SQL Injection Prevention Cheat Sheet
A practitioner's SQL injection cheatsheet: parameterized queries, safe ORM use, input validation, least privilege, and the exact patterns to ban in review.