Safeguard
Tag

session-management

Safeguard articles tagged "session-management" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Application Security

Why Math.random() is a security bug waiting to happen

A 2008 Debian OpenSSL patch cut key entropy to ~32,768 values; a 2012 scan found 0.75% of TLS certs shared keys. Weak PRNGs still cause real breaches.

Jul 14, 20266 min read
Application Security

Where should your SPA store auth tokens?

OWASP has warned against localStorage tokens for years, yet it remains the default in countless SPA tutorials — one XSS bug is all it takes to exfiltrate every session.

Jul 10, 20266 min read
AI Security

The Security Chores Agents Should Handle Themselves

Enabling 2FA, rotating a password, revoking a stale session, minting a scoped key — the account-hygiene tasks everyone postpones. When an agent can do them through MCP, 'later' becomes 'now.'

Jul 9, 20264 min read
Application Security

Secure session lifecycle management: tokens, rotation, and cookie flags

OWASP requires session IDs carry at least 64 bits of entropy, yet a 2007 Rails flaw shows one dropped attribute is enough to make fixation trivial.

Jul 8, 20266 min read
Security Guides

OWASP A07: Identification and Authentication Failures — A Deep-Dive Guide

Identification and Authentication Failures rank #7 in the OWASP Top 10 (2021). A deep dive into credential stuffing, session handling, real CVEs, and 2026 fixes.

Jul 5, 20266 min read
Vulnerability Analysis

What is Session Hijacking

Session hijacking lets attackers seize an active, authenticated session and bypass passwords and MFA entirely. Here's how it works and how to stop it.

Mar 26, 20267 min read
Vulnerability Analysis

What is Broken Authentication

Broken authentication lets attackers assume another user's identity via credential stuffing, forged tokens, or auth-bypass CVEs like Fortinet's CVE-2022-40684.

Mar 23, 20266 min read
AppSec

Web Session Security: A Practical Guide

Web session security is the set of controls that keep a logged-in user's session token from being stolen, guessed, or reused by an attacker — and most of it comes down to a handful of cookie flags and lifecycle rules teams routinely skip.

Jun 11, 20255 min read
Web Security

Session Management Security: A Complete Guide

Session management vulnerabilities enable account takeover, privilege escalation, and data theft. This guide covers session ID generation, storage, lifecycle, and the attacks that exploit weak session handling.

Feb 5, 20235 min read
session-management — Safeguard Blog