Safeguard
Tag

secure-coding

Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.

129 articles

Best Practices

Parameterized queries across languages: the real defense against SQL injection

SQL injection (CWE-89) still ranks #3 on the OWASP Top 10, but every major language has shipped a native, built-in fix for over a decade — most breaches happen anyway.

Jul 8, 20267 min read
Application Security

Unsafe Deserialization in Swift: NSCoding, Codable, and Safer Patterns

Two 2019 iOS zero-click bugs, CVE-2019-8646 and CVE-2019-8647, both traced back to NSKeyedUnarchiver — a reminder that Swift's Objective-C legacy still hides deserialization risk.

Jul 8, 20265 min read
Security Guides

Preventing CSRF and XSS in ASP.NET Core

How CSRF and XSS actually work against ASP.NET Core apps, and the concrete defenses, antiforgery tokens, Razor output encoding, CSP, and SameSite cookies, that shut them down.

Jul 7, 20266 min read
Security Guides

The gosec Static Analysis Guide: Rules, CI, and Taming False Positives

gosec catches hardcoded secrets, weak crypto, unsafe SQL, and command injection in Go — but only if you run it well and triage it honestly. A practical guide to the rules that matter and the noise that doesn't.

Jul 7, 20266 min read
Security Guides

Secrets Management for Python Applications

Hard-coded API keys and .env files committed to git are still the fastest route into a Python app. Here is how to keep secrets out of your code and your history.

Jul 7, 20265 min read
Security Guides

C# Cryptography Best Practices in .NET

The right way to do cryptography in C#: authenticated encryption with AesGcm, secure randomness, PBKDF2 password hashing, constant-time comparison, and the legacy APIs to stop using.

Jul 5, 20265 min read
Career

Essential Security Skills Every Developer Should Learn

Security is no longer a separate team's job. Here are the essential security skills every developer should build in 2026—why they matter to your career, how to learn them for free, and how to prove you have them.

Jul 5, 20266 min read
Security Guides

Java SQL Injection Prevention: Parameterized Queries and Beyond

SQL injection is decades old and still breaching Java apps. Here's how to prevent it with prepared statements, JPA binding, and safe dynamic queries.

Jul 5, 20265 min read
Guides

Secure Coding for Beginners: Writing Code That Resists Attack

Secure coding is not a separate discipline you bolt on later. It is a set of small habits you weave into the way you already write software. Here is a friendly introduction with a first exercise to try today.

Jul 5, 20266 min read
Security Guides

Preventing Command Injection in Python

Every time Python code shells out with user input, an attacker gets a vote on what the shell runs. The fix is almost always to stop using the shell at all.

Jul 4, 20265 min read
Security Guides

Preventing SQL Injection in .NET with Entity Framework Core

How SQL injection still happens in Entity Framework Core apps, which EF Core APIs are safe by default, which ones aren't, and the exact patterns that keep raw SQL parameterized.

Jul 3, 20266 min read
Security Guides

SQL Injection in Go: Why database/sql Is Safe Until You Reach for Sprintf

database/sql gives Go parameterized queries for free — yet SQL injection still ships in Go services through dynamic query building, ORM escape hatches, and misused identifiers. Here's the line you can't cross.

Jul 3, 20266 min read
secure-coding (Page 3) — Safeguard Blog