vulnerability-analysis
Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.
360 articles
Secrets leakage in Docker images explained
How credentials get baked into Docker image layers, real incidents that exposed them, and how to detect and stop secrets leakage in container images.
RubyGems Escape Sequence Injection via Unpack API (CVE-20...
CVE-2019-8325 lets a malicious RubyGems package inject terminal escape sequences via the unpack API. Here's the impact, affected versions, and how to remediate it.
Terraform infrastructure-as-code misconfiguration explained
Terraform misconfigurations — not zero-days — cause most cloud breaches. Here's how they happen, real incidents they caused, and how to catch them pre-deploy.
Cloud IAM privilege escalation paths explained
A breakdown of how cloud IAM privilege escalation paths work across AWS, GCP, and Azure, with real permission chains and breach examples.
S3 bucket misconfiguration vulnerabilities explained
S3 misconfigurations have exposed hundreds of millions of records in breaches from Deep Root Analytics to Capital One. Here's how they happen and how to catch them.
Prompt injection vulnerabilities in LLM applications explained
Prompt injection is OWASP's #1 LLM risk. See real CVEs like Vanna.AI's RCE flaw and how to detect and stop it.
Python Pickle deserialization risk explained
Pickle deserialization lets attacker-controlled data execute arbitrary code on load. Here's how the exploit works, real CVEs, and how to fix it.
Java deserialization gadget chains explained
Java deserialization gadget chains turn trusted classpath libraries into RCE. Learn how they work, key CVEs like CVE-2015-4852, and how to detect them.
Regular expression injection explained
Regex injection lets attackers rewrite pattern logic or trigger ReDoS. See real CVEs, exploit examples, and how to detect and fix it in your code.
Argument injection vulnerabilities explained
How argument injection (CWE-88) vulnerabilities work, real CVEs like PHPMailer and Git ssh URLs, and how teams detect and prevent CWE-88 flaws.
Improper input validation (CWE-20) explained
CWE-20 explained: how improper input validation causes SQLi, RCE, and DoS, with real CVEs like Equifax's Struts breach and how to detect and fix it.
Sensitive data exposure in application logs explained
Passwords, tokens, and PII often end up readable in plaintext logs. Here's how CWE-532 exposures happen, real breaches they caused, and how to fix them.