Safeguard
Tag

secure-coding

Safeguard articles tagged "secure-coding" — guides, analysis, and best practices for software supply chain and application security.

129 articles

Industry Analysis

Path Traversal Prevention in Ruby with File.realpath

How File.realpath stops path traversal in Ruby apps, why File.expand_path alone fails, and what real CVEs like Sprockets' CVE-2018-3760 reveal about secure file handling.

Oct 23, 20258 min read
Industry Analysis

Path Traversal Prevention in Rust with fs::canonicalize

fs::canonicalize resolves `..` and symlinks into one absolute path, but it can't fix TOCTOU races, missing files, or Windows prefix quirks on its own. Here's the safe pattern.

Oct 23, 20257 min read
Industry Analysis

Path Traversal Prevention in C++ with std::filesystem::we...

Why std::filesystem::weakly_canonical alone doesn't stop path traversal in C++, and the containment check every extraction, upload, or plugin loader needs beside it.

Oct 23, 20257 min read
Industry Analysis

XXE Prevention in Go with decoder.DisallowDTD

Go's standard XML parser resists classic XXE by design, but cgo bindings and SAML libraries can reopen it. Here's how the DisallowDTD pattern closes the gap.

Oct 21, 20257 min read
Industry Analysis

Secure Random Number Generation in JavaScript with crypto...

Math.random() is predictable and unsafe for security tokens. Here's why Node's crypto.randomBytes() is the standard for secure JavaScript randomness.

Oct 20, 20257 min read
Industry Analysis

Secure Random Number Generation in Python with the secret...

Python's random module is predictable, not secure. Here's why CWE-338 matters, when the secrets module (PEP 506, Python 3.6) fixed it, and how to generate tokens safely.

Oct 20, 20257 min read
Industry Analysis

Secure Random Number Generation in Ruby with SecureRandom

Ruby's built-in rand() uses a predictable Mersenne Twister and should never generate tokens, passwords, or session IDs. Here's how SecureRandom fixes that.

Oct 19, 20257 min read
Industry Analysis

Secure Random Number Generation in PHP with random_bytes

PHP's mt_rand() has a 32-bit seed space attackers can crack in seconds. Here's why random_bytes() and random_int() replaced it in PHP 7.0, and how weak randomness still causes breaches.

Oct 19, 20257 min read
Industry Analysis

Secure Random Number Generation in C# with RandomNumberGe...

Why System.Random is a security liability in C# and how RandomNumberGenerator prevents predictable tokens, nonces, and keys in .NET applications.

Oct 19, 20256 min read
Industry Analysis

Secure Random Number Generation in Java with SecureRandom...

Why java.util.Random and even UUID.randomUUID() can leak predictable tokens, and how Java's SecureRandom and NIST DRBG providers actually protect secrets.

Oct 18, 20257 min read
DevSecOps

OWASP Secure Coding Practices: A Working Checklist

OWASP secure coding practices boil down to a handful of checks that catch most real-world vulnerabilities — here's the checklist teams actually use, not the full 200-item reference.

Sep 18, 20255 min read
AppSec

Encryption and Decryption in Python: A Practical Guide

Encryption in Python is easy to get working and surprisingly easy to get wrong — here's how to do symmetric and asymmetric encryption correctly using the cryptography library instead of rolling your own.

Sep 16, 20256 min read
secure-coding (Page 9) — Safeguard Blog