XML Parsing Security: XXE, Billion Laughs, and Beyond
XML's feature richness is its security weakness. XXE, entity expansion, and XSLT injection continue to plague applications that process XML.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
OWASP ASVS 5.0 restructured the verification levels and added new requirements for modern stacks. A practical adoption guide for teams using ASVS as their security baseline.
Mobile apps have unique security challenges that web-focused tools miss entirely. Here is a practical testing methodology for iOS and Android.
XXE attacks exploit XML parser features that most applications never need. Here is how to disable them across every major language and framework.
APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.
Deserialization vulnerabilities turn data into code execution. Here is how they work, which languages are most affected, and how to defend against them.
OWASP released its Top 10 for LLM Applications in August 2023, providing the first standardized framework for understanding and mitigating risks in AI-powered software.
APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.
SSRF lets attackers reach internal services through your application. In cloud environments, that often means access to instance metadata and IAM credentials.