Safeguard
Tag

web-security

Safeguard articles tagged "web-security" — guides, analysis, and best practices for software supply chain and application security.

90 articles

Vulnerabilities

SSRF Examples and How They're Actually Exploited

Real SSRF examples, from cloud metadata theft to internal port scanning, showing exactly how a server-side request forgery bug gets turned into a full compromise.

Jun 11, 20246 min read
Vulnerabilities

CSRF Attacks: How They Work and How Tokens Stop Them

A CSRF attack rides a logged-in user's browser to forge requests they never meant to send. Here is the mechanism and why anti-CSRF tokens defeat it.

May 27, 20246 min read
Vulnerabilities

SQL Injection Basics for Engineers Who Aren't Security Specialists

SQL injection is still one of the most common ways applications get breached, and the fix is usually a one-line change — this walks through the basics with a real example.

May 14, 20245 min read
Best Practices

Django Security Best Practices, 2024 Edition

From SECRET_KEY hygiene to middleware ordering, the Django security checklist worth actually following in 2024, grounded in real CVEs and production incidents.

Apr 10, 20246 min read
Application Security

WebSocket Security in Modern Applications

WebSockets enable real-time communication but introduce attack surfaces that traditional HTTP security controls miss entirely.

Apr 8, 20245 min read
Application Security

Prototype Pollution in JavaScript: Prevention Guide

Prototype pollution lets attackers modify the behavior of all JavaScript objects by injecting properties into Object.prototype. This guide covers exploitation techniques, real-world impact, and layered defenses.

Apr 5, 20246 min read
Vulnerabilities

XSS Script Examples, Annotated

Reading a real xss script example line by line makes cross-site scripting concrete in a way definitions rarely do — here are annotated examples across the three main XSS types.

Mar 25, 20245 min read
Vulnerabilities

XSS Attack Explained: How Cross-Site Scripting Works

An XSS attack lets an attacker run their JavaScript in your users' browsers. Here is how cross-site scripting works, the three types, and how to stop it.

Mar 12, 20247 min read
Code Security

XML External Entity (XXE) Prevention: Disabling the Features That Attack You

XXE attacks exploit XML parser features that most applications never need. Here is how to disable them across every major language and framework.

Feb 18, 20245 min read
Application Security

Service Worker Security Risks: The Persistent Threat in Your Browser

Service workers intercept network requests, cache content, and run in the background. When compromised, they become a persistent foothold in the browser.

Feb 12, 20246 min read
Best Practices

Remix Framework Security Deep Dive

Remix's server-first architecture and loader/action primitives make for a distinctive security model. The framework encourages good patterns, but the places where it leaves choices to the developer are where I find the interesting bugs.

Feb 8, 20247 min read
Web Security

Privilege Escalation in Web Applications: Attacks and Defenses

Privilege escalation vulnerabilities let attackers elevate their access level within an application. This guide covers both vertical and horizontal escalation techniques, real-world patterns, and concrete defenses.

Feb 5, 20247 min read
web-security (Page 5) — Safeguard Blog