secure-coding
Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.
129 articles
LDAP Injection Attacks: How They Work and How to Prevent Them
LDAP injection lets an attacker manipulate directory-service queries by inserting special filter characters into user input, often bypassing authentication entirely — here's how the attack works and how to stop it.
Preventing SQL Injection: A Defense-in-Depth Approach
Parameterized queries stop most SQL injection, but the attacks that make it to production usually slip past a single control — here's the layered defense that catches the rest.
Fixing XXE in Java: A Parser-by-Parser Hardening Guide
A parser-by-parser XXE fix for Java, covering DocumentBuilderFactory, SAXParser, XMLInputFactory, TransformerFactory, and the XML libraries that still ship unsafe defaults.
Software Security Testing: A Practitioner's Overview
Software security testing spans static analysis, dynamic testing, dependency scanning, and manual review — a practical map of which method catches what, written for people who actually run these programs.
What Is Dependency Injection? (And What It Means for Security)
Dependency injection is a design pattern where objects receive their dependencies from outside rather than creating them. It makes code testable and flexible — and it has real security implications.
Security Code Review Best Practices
How to make code reviews an effective security checkpoint without turning every PR into a week-long security audit.
Cross-Site Scripting (XSS) Prevention: Context-Aware Encoding and Modern Defenses
XSS remains a top web vulnerability because output encoding is context-dependent. Here is how to get it right across HTML, JavaScript, URL, and CSS contexts.
SQL Injection Prevention in 2022: Why It Still Happens and How to Stop It
SQL injection has been the top web vulnerability for over two decades. Modern frameworks help, but they do not make it impossible. Here is what still goes wrong.
Secure Coding Practices: A Developer's Guide
Practical secure coding habits every developer should build, covering input validation, authentication, dependency management, and more.