web-security
Safeguard articles tagged "web-security" — guides, analysis, and best practices for software supply chain and application security.
90 articles
SSRF Exploitation in Cloud Environments
Server-Side Request Forgery is especially dangerous in cloud environments where metadata services expose credentials and configuration. This guide covers SSRF exploitation techniques and defenses specific to AWS, GCP, and Azure.
CDN Supply Chain Security Risks You Should Know
Content delivery networks serve billions of software assets daily. When a CDN is compromised, the blast radius is enormous. Here's what CDN supply chain risks look like and how to defend against them.
Security Headers Implementation Checklist: Hardening Your Web Application
HTTP security headers are your first line of defense against XSS, clickjacking, and data injection attacks. Here is a practical implementation checklist with correct configurations.
Broken Access Control: The Number One Web Vulnerability and How to Fix It
Access control moved to the top of the OWASP Top 10 in 2021. Here is why it is so hard to get right and what a solid authorization architecture looks like.
File Upload Vulnerability Prevention: A Practical Guide
File upload functionality is one of the most dangerous features in web applications. This guide covers the attack vectors, bypass techniques, and layered defenses needed to handle file uploads securely.
TypeScript Strict Mode Security Benefits: More Than Just Type Safety
TypeScript's strict mode catches entire categories of bugs at compile time. Some of those bugs have direct security implications.