vulnerability-analysis
Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.
360 articles
What is a Denial of Service (DoS) Attack
DoS attacks knock systems offline without stealing data. Learn how they work, real-world examples like Mirai and HTTP/2 Rapid Reset, and how to defend against them.
What is a DDoS Attack
A DDoS attack floods systems with botnet traffic until they collapse. See real Tbps records, the Rapid Reset CVE, and how to detect and mitigate one.
What is a Man-in-the-Middle Attack
A man-in-the-middle attack lets adversaries intercept trusted connections -- from Wi-Fi logins to CI/CD package fetches -- with real-world cases and defenses.
What is Privilege Escalation
Privilege escalation turns a minor foothold into a full breach. Learn the techniques, real-world examples, and how to detect and stop it.
What is Broken Access Control
Broken access control is OWASP's #1 web risk, found in 94% of apps tested. See how IDOR flaws breached First American, USPS, and Parler.
What is Insecure Direct Object Reference (IDOR)
IDOR lets attackers access other users data just by changing an ID in a URL or API call. Learn how it works, real breaches, and how to fix it.
What is Server-Side Template Injection (SSTI)
SSTI lets attackers turn untrusted input into executable template code, often leading to full remote code execution — here's how it works and how to stop it.
What is LDAP Injection
LDAP injection lets attackers manipulate directory queries to bypass authentication or dump directory data. Here's how it works, real CVEs, and how to stop it.
What is NoSQL Injection
NoSQL injection lets attackers bypass logins or run code using MongoDB operators like $ne and $where. See real CVEs, examples, and effective defenses.
What is Clickjacking
Clickjacking tricks users into clicking hidden UI via invisible iframes. Learn how it works, real incidents, key CVEs, and how to defend against it.
What is Session Hijacking
Session hijacking lets attackers seize an active, authenticated session and bypass passwords and MFA entirely. Here's how it works and how to stop it.
What is Credential Stuffing
Credential stuffing uses billions of breached passwords to hijack accounts at scale. Learn how it works, real breaches it caused, and how to stop it.