Safeguard
Tag

secure-coding

Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.

129 articles

Buyer's Guides

Best security champions program and developer training pl...

A practical buyer's guide to security champions program tools — evaluation criteria, six real vendors compared honestly, and how to measure whether training actually reduces vulnerabilities.

Nov 7, 20258 min read
Industry Analysis

Cleartext Sensitive Information in Cookies

Cleartext sensitive data in cookies (CWE-315) quietly enables account takeover and IDOR. Here's how it happens, why it survives review, and how Safeguard catches it.

Oct 30, 20257 min read
Industry Analysis

Insecure Temporary File Creation

Insecure temp file creation (CWE-377) still causes real CVEs today — from JUnit4 to npm's tmp package. Here's how the race condition works and how to stop it.

Oct 30, 20257 min read
Industry Analysis

Sensitive Information Exposure in Error Messages

Stack traces, SQL errors, and debug pages routinely leak credentials, paths, and library versions to attackers. Here's how CWE-209 exposure happens and how to close it.

Oct 29, 20257 min read
Industry Analysis

SQL Injection Prevention in Node.js/JavaScript

SQL injection still hits Node.js apps through raw drivers, Sequelize, Prisma, and Knex alike. Here's how it happens, what safe queries look like, and how to catch it in CI.

Oct 27, 20259 min read
Industry Analysis

SQL Injection Prevention in Go with database/sql Prepared...

How Go's database/sql prepared statements prevent SQL injection, where developers still get it wrong with dynamic queries and ORMs, and how Safeguard catches these gaps in code review.

Oct 26, 20258 min read
Industry Analysis

SQL Injection Prevention in Rust with sqlx

sqlx blocks SQL injection by default with compile-time query checks and bind parameters — but format!() and raw SQL calls can still reopen the gap. Here's how to audit for it.

Oct 25, 20257 min read
Industry Analysis

SQL Injection Prevention in C++ with SQLite Bind Parameters

How sqlite3_bind_text() stops SQL injection in C++ apps, common mistakes with bind parameters, and how to audit existing SQLite code for injection risk.

Oct 25, 20257 min read
Industry Analysis

Path Traversal Prevention in PHP: Avoiding include() with...

PHP's include() turns a path traversal bug into remote code execution. See how CVE-2015-2213 and CVE-2022-1329 happened, and how to prevent it with allowlists.

Oct 25, 20257 min read
Industry Analysis

Path Traversal Prevention in Go with filepath.Join Valida...

filepath.Join in Go only cleans a path, it doesn't restrict it to a base directory. Here's why that gap produced real CVEs, and how to close it for good.

Oct 24, 20257 min read
Industry Analysis

Path Traversal Prevention in Java with Path.normalize

Path.normalize() cleans up "." and ".." in a Java path — but it doesn't stop path traversal. Here's why the Zip Slip pattern still slips past code review in 2026.

Oct 24, 20257 min read
Industry Analysis

Path Traversal Prevention in C# with Path.GetFullPath

Path.GetFullPath resolves traversal sequences, but it isn't a sanitizer on its own. Here's how C# teams get containment checks wrong, and how to fix them.

Oct 24, 20257 min read
secure-coding (Page 8) — Safeguard Blog