secure-coding
Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.
129 articles
Preventing XML external entity (XXE) injection
XXE injection lets attackers read local files, trigger SSRF, or crash servers via XML parsers. Here is how it works and how to shut it down for good.
Python security best practices cheat sheet
A no-fluff cheat sheet of concrete Python security fixes—dependency pinning, pickle/eval risks, PyPI trust signals, and CI gates—with real CVEs and commands.
10 Java security best practices
10 Java security best practices security teams should enforce across dependency management, deserialization, injection, secrets, and build pipelines.
Go security cheat sheet for developers
A practical Go security cheat sheet: the real vulnerability classes, must-patch stdlib CVEs, and dependency scanning tactics developers need to know.
PHP security best practices guide
A practical PHP security best practices guide covering SQL injection, deserialization RCE, upload hardening, dependency risk, and real exploited CVEs like CVE-2024-4577.
Comparing React and Angular secure coding practices
React auto-escapes JSX but not URLs; Angular sanitizes by context but allows explicit bypasses. Here's where each framework's XSS defenses actually stop.
A guide to input validation with Spring Boot
Spring Boot doesn't validate input by default. Here's how Bean Validation actually works, where teams get it wrong, and how missing validation leads to injection and mass assignment.
5 Node.js security code snippets every backend developer should know
Five real Node.js vulnerability patterns with vulnerable-vs-fixed code: prototype pollution, NoSQL injection, missing headers, path traversal, and JWT flaws.
Command injection in Python: examples and prevention
Python command injection lets attackers run arbitrary OS commands via os.system() or subprocess. Learn how it works, a real CVE, and how to prevent it.
Code injection in Python: examples and prevention
How Python code injection (CWE-94) works, real CVEs like PyYAML's CVE-2020-14343, and concrete steps to detect and fix it before attackers do.
Symmetric vs asymmetric encryption: practical Python examples
Symmetric vs asymmetric encryption explained with working Python code: AES-256-GCM, RSA-OAEP, hybrid encryption, and the mistakes that cause real breaches.
Rust memory safety and its security advantages
Memory safety bugs cause ~70% of Microsoft's CVEs. Here's how Rust's ownership model eliminates them at compile time, with real CVE examples.