Tag
secure-logging
Safeguard articles tagged "secure-logging" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Application Security
Log injection attacks and how to stop forging your own audit trail
One unsanitized turns a log line into two, and a critical Log4j flaw with a CVSS score of 10.0 turned a log message into remote code execution.
Jul 15, 20265 min read
Best Practices
Data loss prevention for developers: stopping leaks before they hit the network
CWE-532 covers secrets logged in plaintext — the exact bug that led Twitter to reset every password on May 3, 2018. Network DLP can't catch it; your code has to.
Jul 8, 20267 min read
Application Security
How to prevent log injection vulnerabilities in Node.js
Log injection lets attackers forge log entries in Node.js apps via unsanitized input. Learn the sanitization, encoding, and structured-logging fixes that stop it.
May 29, 20266 min read