secure-coding
Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.
129 articles
Type-safe languages and their security benefits
Type safety eliminates entire CVE classes, not one bug at a time. Here's what the Microsoft, Google, and CISA data actually shows about the security payoff.
Securing Laravel PHP applications
CVE-2021-3129, leaked APP_KEYs, and Eloquent mass assignment still compromise Laravel apps in 2026 — here's how each attack works and how to close it.
How to prevent log injection vulnerabilities in Java
Log injection let attackers turn Log4j logging calls into remote code execution in 2021. Here's how CWE-117 works in Java and how to stop it.
How Does SQL Injection Work
A technical walkthrough of how SQL injection works, the main attack variants, real breaches it caused, and how to detect and prevent it.
What is Cross-Site Request Forgery (CSRF)
CSRF forges an authenticated request using a victim's own session cookie. Learn how it works, real Gmail/YouTube cases, and how to detect and fix it.
What is Command Injection
Command injection lets attackers run OS commands through unsanitized input. Learn how it works, real CVEs like Shellshock and PAN-OS, and how to prevent it.
What Are Cryptographic Failures
Cryptographic failures are OWASP's #2 Top 10 risk — weak, missing, or broken encryption. See real breaches, causes, and how to detect and fix them.
Risks of AI-Generated Code
AI coding assistants now write nearly half of some codebases—and research shows 45% of that code ships with exploitable flaws. Here's what security teams need to know.
What is the CERT Secure Coding Standard
CERT secure coding standards give C, C++, and Java developers rule-by-rule guidance — with IDs, risk scores, and fix patterns — for avoiding exploitable bugs.
What is Input Validation
Input validation stops malicious data at the door. See the CVEs — Equifax, Log4Shell, MOVEit — that prove why skipping it, or doing it wrong, is so costly.
What is Output Encoding
Output encoding neutralizes untrusted data before it reaches a browser or database -- the last line of defense against XSS, and most teams still get it wrong.
What is Input Sanitization
Input sanitization stops attacker-controlled data from executing as code. Learn how it works, how it differs from validation, and where it fails.