Safeguard
Tag

web-security

Safeguard articles tagged "web-security" — guides, analysis, and best practices for software supply chain and application security.

90 articles

Application Security

Dynamic Application Security Testing: A Practitioner's Guide to DAST Done Right

DAST finds what source code analysis cannot. Here is how to set it up, tune it, and actually get value from it in a modern CI/CD pipeline.

Mar 18, 20237 min read
Browser Security

Chrome Extension Manifest V3: What It Means for Browser Supply Chain Security

Chrome's Manifest V3 restricts extension capabilities in the name of security. The changes help, but they do not solve the browser extension supply chain problem.

Mar 15, 20235 min read
Application Security

PWA Service Worker Attack Surface: What Security Teams Overlook

Service workers give Progressive Web Apps powerful offline and caching capabilities, but they also create a persistent attack surface that outlives the browser tab. Understanding this surface is critical.

Mar 5, 20237 min read
Web Security

CDN Poisoning Attacks: How Cached Content Becomes a Weapon

CDN cache poisoning turns your performance infrastructure into an attack vector. When the cache serves malicious content to every user, the blast radius is massive and immediate.

Feb 12, 20236 min read
Code Security

Cross-Site Scripting (XSS) Prevention: Context-Aware Encoding and Modern Defenses

XSS remains a top web vulnerability because output encoding is context-dependent. Here is how to get it right across HTML, JavaScript, URL, and CSS contexts.

Feb 12, 20236 min read
Web Security

Session Management Security: A Complete Guide

Session management vulnerabilities enable account takeover, privilege escalation, and data theft. This guide covers session ID generation, storage, lifecycle, and the attacks that exploit weak session handling.

Feb 5, 20235 min read
Application Security

CSP Bypass Techniques and Prevention: Beyond the Basics

Content Security Policy is the strongest browser-side defense against XSS. But most CSP deployments are bypassable. Here is why, and how to fix it.

Jan 12, 20235 min read
Web Security

Race Condition Vulnerabilities in Web Applications

Race conditions in web applications lead to double-spending, privilege escalation, and data corruption. This guide covers the most common patterns, detection techniques, and practical defenses.

Jan 5, 20238 min read
Application Security

Browser Extension Attacks and the Supply Chain

Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.

Nov 5, 20226 min read
Code Security

SQL Injection Prevention in 2022: Why It Still Happens and How to Stop It

SQL injection has been the top web vulnerability for over two decades. Modern frameworks help, but they do not make it impossible. Here is what still goes wrong.

Oct 22, 20227 min read
Web Security

Cookie Security for Modern Web Applications

Cookie misconfigurations remain one of the most common web vulnerabilities. From SameSite to cookie prefixes, here is how to configure cookies that resist session hijacking and CSRF attacks.

Oct 5, 20225 min read
Application Security

CORS Misconfiguration Exploitation: The Silent API Exposure

CORS misconfigurations are one of the most common web security issues. They silently expose your APIs to cross-origin data theft.

Sep 12, 20225 min read
web-security (Page 7) — Safeguard Blog