Safeguard
Tag

secure-coding

Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.

129 articles

Vulnerability Analysis

What Are Parameterized Queries

Parameterized queries stop SQL injection by binding user input as data instead of parsing it as SQL — here's how they work, and where they still fail.

Jan 28, 20266 min read
Vulnerability Analysis

SQL injection: a complete developer's guide

A developer's guide to SQL injection: how it works, why CWE-89 still ranks in MITRE's Top 25, real breaches, and how to detect and fix it.

Dec 14, 20257 min read
Vulnerability Analysis

OS command injection explained

OS command injection lets attackers run arbitrary shell commands via unsanitized input. See how it works, real CVEs like PAN-OS 2024, and fixes.

Dec 13, 20256 min read
Vulnerability Analysis

Cross-site request forgery (CSRF) explained

CSRF forges authenticated requests using a victim's own session cookies. Learn how real attacks against Netflix and uTorrent worked, and how to stop them.

Dec 13, 20257 min read
Vulnerability Analysis

Integer overflow vulnerabilities explained

What integer overflow vulnerabilities are, how CWE-190 causes real breaches like Bitcoin's 2010 overflow bug, and how to detect and prevent them.

Dec 11, 20256 min read
Vulnerability Analysis

Insecure randomness vulnerabilities explained

CWE-338 explained through the Debian OpenSSL and Android Bitcoin SecureRandom breaches — how weak PRNGs get exploited, and how to detect and fix them.

Dec 8, 20257 min read
Vulnerability Analysis

Certificate validation bypass and man-in-the-middle risk explained

Certificate validation bypass flaws silently disable TLS's identity guarantees, opening the door to man-in-the-middle attacks. Here's how they happen and how to catch them.

Dec 8, 20256 min read
Vulnerability Analysis

Mass assignment vulnerabilities explained

Mass assignment lets attackers write privileged fields like "role":"admin" via ordinary API calls. Learn how it works, real CVEs, and fixes.

Dec 5, 20257 min read
Vulnerability Analysis

Improper input validation (CWE-20) explained

CWE-20 explained: how improper input validation causes SQLi, RCE, and DoS, with real CVEs like Equifax's Struts breach and how to detect and fix it.

Dec 1, 20257 min read
Application Security

Null Pointer Dereference Vulnerabilities

A single unchecked pointer can crash a server. Here's what null pointer dereference vulnerabilities are, real CVEs like OpenSSL's, and how to catch them.

Nov 10, 20257 min read
Application Security

Uncaught Exception Security Risks

An uncaught exception isn't just a crash: it caused the Equifax breach and Log4j outages. See how exception-handling bugs become real security incidents.

Nov 10, 20257 min read
Industry Analysis

Code Injection via eval() and exec() Across Languages

eval() and exec() turn dynamic code execution into remote code execution. A cross-language look at how it happens in Python, JS, PHP, and Ruby.

Nov 7, 20257 min read
secure-coding (Page 7) — Safeguard Blog