web-security
Safeguard articles tagged "web-security" — guides, analysis, and best practices for software supply chain and application security.
90 articles
Dynamic Application Security Testing: A Practitioner's Guide to DAST Done Right
DAST finds what source code analysis cannot. Here is how to set it up, tune it, and actually get value from it in a modern CI/CD pipeline.
Chrome Extension Manifest V3: What It Means for Browser Supply Chain Security
Chrome's Manifest V3 restricts extension capabilities in the name of security. The changes help, but they do not solve the browser extension supply chain problem.
PWA Service Worker Attack Surface: What Security Teams Overlook
Service workers give Progressive Web Apps powerful offline and caching capabilities, but they also create a persistent attack surface that outlives the browser tab. Understanding this surface is critical.
CDN Poisoning Attacks: How Cached Content Becomes a Weapon
CDN cache poisoning turns your performance infrastructure into an attack vector. When the cache serves malicious content to every user, the blast radius is massive and immediate.
Cross-Site Scripting (XSS) Prevention: Context-Aware Encoding and Modern Defenses
XSS remains a top web vulnerability because output encoding is context-dependent. Here is how to get it right across HTML, JavaScript, URL, and CSS contexts.
Session Management Security: A Complete Guide
Session management vulnerabilities enable account takeover, privilege escalation, and data theft. This guide covers session ID generation, storage, lifecycle, and the attacks that exploit weak session handling.
CSP Bypass Techniques and Prevention: Beyond the Basics
Content Security Policy is the strongest browser-side defense against XSS. But most CSP deployments are bypassable. Here is why, and how to fix it.
Race Condition Vulnerabilities in Web Applications
Race conditions in web applications lead to double-spending, privilege escalation, and data corruption. This guide covers the most common patterns, detection techniques, and practical defenses.
Browser Extension Attacks and the Supply Chain
Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.
SQL Injection Prevention in 2022: Why It Still Happens and How to Stop It
SQL injection has been the top web vulnerability for over two decades. Modern frameworks help, but they do not make it impossible. Here is what still goes wrong.
Cookie Security for Modern Web Applications
Cookie misconfigurations remain one of the most common web vulnerabilities. From SameSite to cookie prefixes, here is how to configure cookies that resist session hijacking and CSRF attacks.
CORS Misconfiguration Exploitation: The Silent API Exposure
CORS misconfigurations are one of the most common web security issues. They silently expose your APIs to cross-origin data theft.