secure-coding
Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.
129 articles
Best security champions program and developer training pl...
A practical buyer's guide to security champions program tools — evaluation criteria, six real vendors compared honestly, and how to measure whether training actually reduces vulnerabilities.
Cleartext Sensitive Information in Cookies
Cleartext sensitive data in cookies (CWE-315) quietly enables account takeover and IDOR. Here's how it happens, why it survives review, and how Safeguard catches it.
Insecure Temporary File Creation
Insecure temp file creation (CWE-377) still causes real CVEs today — from JUnit4 to npm's tmp package. Here's how the race condition works and how to stop it.
Sensitive Information Exposure in Error Messages
Stack traces, SQL errors, and debug pages routinely leak credentials, paths, and library versions to attackers. Here's how CWE-209 exposure happens and how to close it.
SQL Injection Prevention in Node.js/JavaScript
SQL injection still hits Node.js apps through raw drivers, Sequelize, Prisma, and Knex alike. Here's how it happens, what safe queries look like, and how to catch it in CI.
SQL Injection Prevention in Go with database/sql Prepared...
How Go's database/sql prepared statements prevent SQL injection, where developers still get it wrong with dynamic queries and ORMs, and how Safeguard catches these gaps in code review.
SQL Injection Prevention in Rust with sqlx
sqlx blocks SQL injection by default with compile-time query checks and bind parameters — but format!() and raw SQL calls can still reopen the gap. Here's how to audit for it.
SQL Injection Prevention in C++ with SQLite Bind Parameters
How sqlite3_bind_text() stops SQL injection in C++ apps, common mistakes with bind parameters, and how to audit existing SQLite code for injection risk.
Path Traversal Prevention in PHP: Avoiding include() with...
PHP's include() turns a path traversal bug into remote code execution. See how CVE-2015-2213 and CVE-2022-1329 happened, and how to prevent it with allowlists.
Path Traversal Prevention in Go with filepath.Join Valida...
filepath.Join in Go only cleans a path, it doesn't restrict it to a base directory. Here's why that gap produced real CVEs, and how to close it for good.
Path Traversal Prevention in Java with Path.normalize
Path.normalize() cleans up "." and ".." in a Java path — but it doesn't stop path traversal. Here's why the Zip Slip pattern still slips past code review in 2026.
Path Traversal Prevention in C# with Path.GetFullPath
Path.GetFullPath resolves traversal sequences, but it isn't a sanitizer on its own. Here's how C# teams get containment checks wrong, and how to fix them.