vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
NoSQL Injection Attack Techniques
NoSQL injection lets attackers bypass logins and hijack MongoDB/CouchDB apps using operators like $ne and $where. Here's how it works and how to stop it.
XPath Injection Vulnerabilities
XPath injection lets attackers rewrite XML queries to bypass logins and steal data. Here is how it works, real incidents, and how Safeguard defends against it.
DOM-Based XSS: Client-Side Sink Vulnerabilities
DOM-based XSS sink vulnerabilities let attacker data reach dangerous JavaScript sinks without touching the server, slipping past WAFs and static scanners.
ReDoS: Regular Expression Denial of Service Attacks
ReDoS took down Cloudflare's global network for 27 minutes in 2019 and Stack Overflow in 2016. Here's how one bad regex causes an outage, and how to catch it first.
Best bug bounty and vulnerability disclosure platforms
A practical buyers guide to bug bounty platforms and vulnerability disclosure program software, comparing HackerOne, Bugcrowd, Intigriti, YesWeHack, and more.
Unrestricted Resource Consumption in APIs
API4:2023 shows how a single unbounded request—GraphQL depth, a ReDoS regex, an unthrottled upload—can take down an API or run up a cloud bill.
Best container registry vulnerability scanning tools
A practical look at container registry scanning tools — evaluation criteria, six real vendors compared fairly, and how Safeguard closes the supply-chain gaps scanning alone leaves open.
Kubernetes ingress controller vulnerability roundup
Ingress-nginx, Apache APISIX, and other Kubernetes ingress controllers have racked up critical CVEs since 2021 — here's what actually happened.
Compromise of Legitimate Upstream Packages
From xz-utils to polyfill.io, attackers increasingly compromise packages developers already trust rather than planting fakes. Here's how these attacks work and how Safeguard catches them.
Unmaintained Open Source Software: A Supply Chain Risk
Unmaintained open source components quietly power critical software until a bug hits and no one is left to patch it. Here's the risk, and how to manage it.
CI/CD pipeline security vulnerability trends
CI/CD pipelines now hold the keys attackers want most. Here's what tj-actions, Ultralytics, and Jenkins CVE-2024-23897 reveal about the trend.
Outdated Software Components: Quantifying the Risk
Outdated dependencies sit in nearly every codebase. Here's what Equifax and Log4Shell reveal about the real cost of unpatched software supply chain risk.