Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Industry Analysis

NoSQL Injection Attack Techniques

NoSQL injection lets attackers bypass logins and hijack MongoDB/CouchDB apps using operators like $ne and $where. Here's how it works and how to stop it.

Nov 9, 20258 min read
Industry Analysis

XPath Injection Vulnerabilities

XPath injection lets attackers rewrite XML queries to bypass logins and steal data. Here is how it works, real incidents, and how Safeguard defends against it.

Nov 9, 20258 min read
Industry Analysis

DOM-Based XSS: Client-Side Sink Vulnerabilities

DOM-based XSS sink vulnerabilities let attacker data reach dangerous JavaScript sinks without touching the server, slipping past WAFs and static scanners.

Nov 8, 20258 min read
Industry Analysis

ReDoS: Regular Expression Denial of Service Attacks

ReDoS took down Cloudflare's global network for 27 minutes in 2019 and Stack Overflow in 2016. Here's how one bad regex causes an outage, and how to catch it first.

Nov 8, 20258 min read
Vulnerability Management

Best bug bounty and vulnerability disclosure platforms

A practical buyers guide to bug bounty platforms and vulnerability disclosure program software, comparing HackerOne, Bugcrowd, Intigriti, YesWeHack, and more.

Nov 6, 20258 min read
Industry Analysis

Unrestricted Resource Consumption in APIs

API4:2023 shows how a single unbounded request—GraphQL depth, a ReDoS regex, an unthrottled upload—can take down an API or run up a cloud bill.

Nov 6, 20257 min read
Buyer's Guides

Best container registry vulnerability scanning tools

A practical look at container registry scanning tools — evaluation criteria, six real vendors compared fairly, and how Safeguard closes the supply-chain gaps scanning alone leaves open.

Nov 4, 20258 min read
Cloud Security

Kubernetes ingress controller vulnerability roundup

Ingress-nginx, Apache APISIX, and other Kubernetes ingress controllers have racked up critical CVEs since 2021 — here's what actually happened.

Nov 4, 20257 min read
Open Source Security

Compromise of Legitimate Upstream Packages

From xz-utils to polyfill.io, attackers increasingly compromise packages developers already trust rather than planting fakes. Here's how these attacks work and how Safeguard catches them.

Nov 4, 20257 min read
Open Source Security

Unmaintained Open Source Software: A Supply Chain Risk

Unmaintained open source components quietly power critical software until a bug hits and no one is left to patch it. Here's the risk, and how to manage it.

Nov 3, 20257 min read
Cloud Security

CI/CD pipeline security vulnerability trends

CI/CD pipelines now hold the keys attackers want most. Here's what tj-actions, Ultralytics, and Jenkins CVE-2024-23897 reveal about the trend.

Nov 3, 20257 min read
Software Supply Chain Security

Outdated Software Components: Quantifying the Risk

Outdated dependencies sit in nearly every codebase. Here's what Equifax and Log4Shell reveal about the real cost of unpatched software supply chain risk.

Nov 3, 20258 min read
vulnerability-management (Page 38) — Safeguard Blog