software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
Uncaught Exception Security Risks
An uncaught exception isn't just a crash: it caused the Equifax breach and Log4j outages. See how exception-handling bugs become real security incidents.
Insufficient Encapsulation Vulnerabilities
An insufficient encapsulation vulnerability (CWE-485) exposes internal state to untrusted code. See how it drove real CVEs in Velocity, Lodash, and BeanUtils.
Generation of Predictable Numbers or Identifiers
From Debian's 2008 OpenSSL bug to First American's 885-million-record leak, predictable identifiers keep breaking security. Here's how the vulnerability works and how to stop it.
Mobile app dependency vulnerability trends
Mobile apps now ship more third-party code than first-party. Safeguard's analysis breaks down where dependency vulnerabilities cluster and why.
Best binary analysis and reverse engineering tools
A practical, no-hype guide to binary analysis tools — from Ghidra and IDA Pro to firmware-focused platforms — with real strengths, limitations, and where Safeguard fits.
NoSQL Injection Attack Techniques
NoSQL injection lets attackers bypass logins and hijack MongoDB/CouchDB apps using operators like $ne and $where. Here's how it works and how to stop it.
Best fuzz testing tools for finding software vulnerabilities
A practical, no-hype comparison of AFL++, libFuzzer, OSS-Fuzz, Honggfuzz, Jazzer, and Mayhem — with real strengths, limitations, and how to choose.
XPath Injection Vulnerabilities
XPath injection lets attackers rewrite XML queries to bypass logins and steal data. Here is how it works, real incidents, and how Safeguard defends against it.
Best software composition analysis tools for mobile appli...
A no-hype comparison of mobile SCA tools for scanning iOS and Android dependencies, generating SBOMs, and catching open-source vulnerabilities before release.
Object Injection Vulnerabilities in PHP and Node.js
PHP's unserialize() and Node's insecure deserialization both let attackers forge objects and execute code. Here's how object injection works and how to stop it.
Best artifact repository security tools
A practical, no-hype buyer's guide to artifact repository security tools — what to evaluate, six real vendors compared fairly, and where Safeguard fits.
DOM-Based XSS: Client-Side Sink Vulnerabilities
DOM-based XSS sink vulnerabilities let attacker data reach dangerous JavaScript sinks without touching the server, slipping past WAFs and static scanners.