Safeguard
Tag

secure-coding

Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.

129 articles

AppSec

LDAP Injection Attacks: How They Work and How to Prevent Them

LDAP injection lets an attacker manipulate directory-service queries by inserting special filter characters into user input, often bypassing authentication entirely — here's how the attack works and how to stop it.

Apr 14, 20256 min read
Vulnerabilities

Preventing SQL Injection: A Defense-in-Depth Approach

Parameterized queries stop most SQL injection, but the attacks that make it to production usually slip past a single control — here's the layered defense that catches the rest.

Mar 18, 20256 min read
Vulnerabilities

Fixing XXE in Java: A Parser-by-Parser Hardening Guide

A parser-by-parser XXE fix for Java, covering DocumentBuilderFactory, SAXParser, XMLInputFactory, TransformerFactory, and the XML libraries that still ship unsafe defaults.

Feb 18, 20256 min read
AppSec

Software Security Testing: A Practitioner's Overview

Software security testing spans static analysis, dynamic testing, dependency scanning, and manual review — a practical map of which method catches what, written for people who actually run these programs.

Sep 30, 20245 min read
Dev Practices

What Is Dependency Injection? (And What It Means for Security)

Dependency injection is a design pattern where objects receive their dependencies from outside rather than creating them. It makes code testable and flexible — and it has real security implications.

Aug 21, 20246 min read
Best Practices

Security Code Review Best Practices

How to make code reviews an effective security checkpoint without turning every PR into a week-long security audit.

Mar 10, 20236 min read
Code Security

Cross-Site Scripting (XSS) Prevention: Context-Aware Encoding and Modern Defenses

XSS remains a top web vulnerability because output encoding is context-dependent. Here is how to get it right across HTML, JavaScript, URL, and CSS contexts.

Feb 12, 20236 min read
Code Security

SQL Injection Prevention in 2022: Why It Still Happens and How to Stop It

SQL injection has been the top web vulnerability for over two decades. Modern frameworks help, but they do not make it impossible. Here is what still goes wrong.

Oct 22, 20227 min read
Best Practices

Secure Coding Practices: A Developer's Guide

Practical secure coding habits every developer should build, covering input validation, authentication, dependency management, and more.

May 18, 20226 min read
secure-coding (Page 11) — Safeguard Blog