token-security
Safeguard articles tagged "token-security" — guides, analysis, and best practices for software supply chain and application security.
4 articles
OAuth and authentication patterns for Model Context Proto...
MCP OAuth authentication has been rewritten three times since March 2025. Here's how the spec, its token security model, and real CVEs like CVE-2025-49596 shape safe MCP deployments.
Session Persistence Security Risks
CircleCI, Okta, Sourcegraph, and Codecov were all breached the same way: a session token outlived the trust that created it. Here's how session persistence becomes a supply chain risk.
Slack 2022-2023 Incidents: Operational Retrospective
Slack disclosed a stolen-token incident over the 2022 holidays and a related GitHub repository access event; the operational lessons apply broadly.
OAuth Token Security Throughout the Lifecycle
OAuth tokens grant access to APIs, services, and user data. Their security across creation, storage, use, and revocation determines your application risk posture.