Safeguard
Tag

secure-coding

Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.

129 articles

Application Security

Preventing XML external entity (XXE) injection

XXE injection lets attackers read local files, trigger SSRF, or crash servers via XML parsers. Here is how it works and how to shut it down for good.

May 28, 20267 min read
Application Security

Python security best practices cheat sheet

A no-fluff cheat sheet of concrete Python security fixes—dependency pinning, pickle/eval risks, PyPI trust signals, and CI gates—with real CVEs and commands.

May 28, 20261 min read
Application Security

10 Java security best practices

10 Java security best practices security teams should enforce across dependency management, deserialization, injection, secrets, and build pipelines.

May 27, 20267 min read
Application Security

Go security cheat sheet for developers

A practical Go security cheat sheet: the real vulnerability classes, must-patch stdlib CVEs, and dependency scanning tactics developers need to know.

May 27, 20267 min read
Application Security

PHP security best practices guide

A practical PHP security best practices guide covering SQL injection, deserialization RCE, upload hardening, dependency risk, and real exploited CVEs like CVE-2024-4577.

May 27, 20268 min read
Application Security

Comparing React and Angular secure coding practices

React auto-escapes JSX but not URLs; Angular sanitizes by context but allows explicit bypasses. Here's where each framework's XSS defenses actually stop.

May 26, 20269 min read
Application Security

A guide to input validation with Spring Boot

Spring Boot doesn't validate input by default. Here's how Bean Validation actually works, where teams get it wrong, and how missing validation leads to injection and mass assignment.

May 25, 20266 min read
Application Security

5 Node.js security code snippets every backend developer should know

Five real Node.js vulnerability patterns with vulnerable-vs-fixed code: prototype pollution, NoSQL injection, missing headers, path traversal, and JWT flaws.

May 24, 20268 min read
Application Security

Command injection in Python: examples and prevention

Python command injection lets attackers run arbitrary OS commands via os.system() or subprocess. Learn how it works, a real CVE, and how to prevent it.

May 22, 20266 min read
Application Security

Code injection in Python: examples and prevention

How Python code injection (CWE-94) works, real CVEs like PyYAML's CVE-2020-14343, and concrete steps to detect and fix it before attackers do.

May 21, 20267 min read
Application Security

Symmetric vs asymmetric encryption: practical Python examples

Symmetric vs asymmetric encryption explained with working Python code: AES-256-GCM, RSA-OAEP, hybrid encryption, and the mistakes that cause real breaches.

May 21, 20267 min read
Application Security

Rust memory safety and its security advantages

Memory safety bugs cause ~70% of Microsoft's CVEs. Here's how Rust's ownership model eliminates them at compile time, with real CVE examples.

May 20, 20267 min read
secure-coding (Page 5) — Safeguard Blog