Safeguard
Tag

web-security

Safeguard articles tagged "web-security" — guides, analysis, and best practices for software supply chain and application security.

90 articles

Vulnerability Analysis

What is Clickjacking

Clickjacking tricks users into clicking hidden UI via invisible iframes. Learn how it works, real incidents, key CVEs, and how to defend against it.

Mar 27, 20266 min read
Vulnerability Analysis

Cross-site scripting (XSS) explained for developers

XSS has topped vulnerability lists for two decades. Here's how reflected, stored, and DOM-based XSS actually work, real incidents, and how to fix them.

Dec 14, 20257 min read
Vulnerability Analysis

Directory listing exposure risks explained

Directory listing vulnerabilities expose raw file trees via one misconfigured Apache, Nginx, or IIS directive. Here's how they happen and how to fix them.

Dec 12, 20257 min read
Vulnerability Analysis

Subresource integrity bypass explained

SRI hashes can't stop what happens before the hash is made. How polyfill.io, British Airways, and event-stream exposed real gaps in browser integrity checks.

Dec 6, 20257 min read
Vulnerability Analysis

CRLF injection and HTTP response splitting explained

CRLF injection lets attackers forge HTTP headers and split responses. Here's how it works, real CVEs behind it, and how to detect and stop it.

Dec 6, 20257 min read
Buyer's Guides

Best DAST tools for web application security testing

A practical comparison of DAST tools -- from OWASP ZAP to Invicti -- covering real strengths, limitations, and what Safeguard adds beyond runtime scanning.

Nov 16, 20259 min read
Industry Analysis

CORS Misconfiguration Vulnerabilities

CORS misconfiguration vulnerabilities let attackers steal authenticated API data with a single reflected Origin header. Here's how they happen and how to catch them before release.

Nov 4, 20256 min read
Vulnerability Analysis

CVE-2020-11022: XSS in jQuery via htmlPrefilter

CVE-2020-11022 lets attacker-controlled HTML bypass sanitization via jQuery's htmlPrefilter, enabling XSS in versions before 3.5.0. Impact, timeline, and fixes.

Oct 15, 20257 min read
Vulnerability Analysis

CVE-2022-34265: SQL injection via Trunc/Extract database ...

A technical breakdown of CVE-2022-34265, the Django SQL injection flaw in Trunc() and Extract(), covering affected versions, risk, and remediation steps.

Oct 8, 20257 min read
AppSec

Webhooks Security: A Practical Checklist

Webhooks security is easy to get wrong because the endpoint has to trust an unauthenticated inbound request by default — here's the checklist that closes the common gaps.

Aug 22, 20255 min read
AppSec

How to Run a Website Security Check (Free and Paid Methods)

A step-by-step website security check using free tools and paid platforms, from a quick URL scanner pass to authenticated scans and dependency analysis.

Jul 29, 20256 min read
AppSec

Security Plugins for CMS and App Platforms: What They Actually Do

A security plugin can harden a CMS meaningfully, but it can't fix a vulnerable core install or a poorly coded theme — it's a layer, not a replacement for patching.

Jun 30, 20255 min read
web-security (Page 3) — Safeguard Blog