vulnerability-analysis
Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.
360 articles
LDAP injection vulnerabilities explained
LDAP injection lets attackers manipulate directory filters to bypass authentication or dump data. Here's how CWE-90 attacks work and how to stop them.
Server-side template injection (SSTI) explained
SSTI lets attackers turn template syntax into server-side RCE. See how it works, real CVEs like Confluence's, and how to prevent it.
Insecure direct object reference (IDOR) explained
IDOR lets attackers access other users' data by editing an ID in a request. See how it broke USPS, Panera, and First American — and how to actually fix it.
Authentication bypass vulnerabilities explained
Authentication bypass flaws let attackers skip login entirely. See how CVE-2022-40684, CVE-2023-22515, and CVE-2021-40539 were exploited and prevented.
Broken access control explained
Broken access control has topped OWASP's Top 10 since 2021. See real breaches, common patterns like IDOR, and how to detect and fix them.
Privilege escalation vulnerabilities explained
Privilege escalation vulnerabilities turn a low-privilege foothold into root or admin access. Learn how they work, key CVEs, and how to detect them.
Hardcoded credentials vulnerabilities explained
Hardcoded credentials (CWE-798) have caused real breaches at Uber, Toyota, and Mercedes-Benz. Here's how they happen, how common they are, and how to fix them.
Insecure randomness vulnerabilities explained
CWE-338 explained through the Debian OpenSSL and Android Bitcoin SecureRandom breaches — how weak PRNGs get exploited, and how to detect and fix them.
Weak/broken cryptography vulnerabilities explained
Weak cryptography vulnerabilities like MD5, ECB mode, and undersized RSA keys quietly break real systems. Learn how, with cases from Adobe, Logjam, and SHAttered.
Certificate validation bypass and man-in-the-middle risk explained
Certificate validation bypass flaws silently disable TLS's identity guarantees, opening the door to man-in-the-middle attacks. Here's how they happen and how to catch them.
Algorithmic complexity denial of service explained
Small inputs, big CPU spikes: how algorithmic complexity DoS vulnerabilities like ReDoS and hash flooding crash apps with a single request.
CI/CD pipeline supply chain attacks explained
A breakdown of how CI/CD supply chain attacks work, from SolarWinds to the 2025 tj-actions/changed-files breach, and how to detect and stop them.