Safeguard
Tag

web-security

Safeguard articles tagged "web-security" — guides, analysis, and best practices for software supply chain and application security.

90 articles

Web Security

HTTP Request Smuggling: A Practical Guide

HTTP request smuggling exploits disagreements between frontend and backend servers about where one request ends and the next begins. This guide covers CL.TE, TE.CL, and TE.TE variants with detection and defense strategies.

Jan 5, 20246 min read
Application Security

Progressive Web App Security: The Risks Hiding in the Browser

PWAs blur the line between websites and applications. Their security model is browser-based, which introduces different risks than native applications.

Oct 12, 20235 min read
Code Security

Insecure Deserialization: Why Untrusted Data Should Never Become Objects

Deserialization vulnerabilities turn data into code execution. Here is how they work, which languages are most affected, and how to defend against them.

Oct 12, 20236 min read
Web Security

Authorization Vulnerabilities: Prevention and Best Practices

Authorization flaws let authenticated users access resources and perform actions beyond their intended permissions. Learn the most common authorization vulnerabilities and how to build robust access control systems.

Oct 5, 20237 min read
Web Security

Cache Poisoning Attacks: How They Work and How to Prevent Them

Cache poisoning attacks manipulate web caches to serve malicious content to other users. This guide covers web cache poisoning, DNS cache poisoning, and practical defenses for modern applications.

Sep 5, 20237 min read
Application Security

Template Injection (SSTI) Prevention Guide

Server-Side Template Injection turns template engines into code execution engines. This guide covers SSTI in Jinja2, Twig, Freemarker, and other engines, with detection techniques and layered defenses.

Aug 5, 20235 min read
Developer Security

Svelte and SvelteKit Security Best Practices for Production Apps

Svelte's compile-time approach reduces runtime attack surface, but SvelteKit introduces server-side considerations that require deliberate security attention. A practical guide.

Jul 18, 20236 min read
Best Practices

Flask Application Security: A Deep Dive

Flask gives you room to make mistakes. This is a long look at the patterns that keep Flask apps safe in 2023, covering sessions, extensions, Werkzeug, and Jinja.

Jun 18, 20237 min read
Code Security

Server-Side Request Forgery (SSRF): The Vulnerability That Unlocks Cloud Metadata

SSRF lets attackers reach internal services through your application. In cloud environments, that often means access to instance metadata and IAM credentials.

Jun 18, 20236 min read
Web Security

Authentication Bypass: Common Patterns Attackers Exploit

Authentication bypass vulnerabilities let attackers access protected resources without valid credentials. This guide covers the most common bypass patterns found in modern web applications and how to prevent each one.

Jun 5, 20238 min read
Application Security

Django Security and Supply Chain Guide

Securing Django applications with built-in security features, dependency management, and supply chain protections.

May 15, 20234 min read
Application Security

Subresource Integrity Failures: When CDN Trust Goes Wrong

SRI protects against CDN compromises and supply chain attacks on client-side scripts. Most web applications do not use it. Here is what they are missing.

May 12, 20235 min read
web-security (Page 6) — Safeguard Blog