Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
API security and the rise of shadow/zombie APIs
Shadow and zombie APIs caused breaches at Optus, T-Mobile, and Peloton. Here's why code-scanning tools miss them and what API security best practices actually work.
Secrets detection and remediation best practices
Leaked API keys still cause breaches within minutes. Here's how secrets detection and remediation should work in practice, and where scanner-only tools fall short.
What is Static Application Security Testing (SAST)
SAST scans source code for flaws before deployment. Learn how it works, where Checkmarx-style tools fall short on supply chain risk, and how Safeguard closes the gap.
Interactive Application Security Testing (IAST) explained
IAST tests applications from the inside while they run, catching flaws SAST and DAST miss alone. Here's how it works, how Checkmarx uses it, and where gaps remain.
Static Analysis Tools compared
Veracode built its name on SAST, DAST, and SCA for application code. Safeguard focuses static analysis on the software supply chain. Here's how the two actually differ.
Application Security: The Complete Guide
What is application security? A concrete guide covering AppSec fundamentals, OWASP Top 10 risks, supply chain threats, and how Safeguard fills the gaps legacy tools like Veracode leave open.
Top AWS security misconfigurations and how to fix them
A practical AWS misconfigurations cheat sheet — IAM, S3, security groups, logging, and snapshots — with real breach data and exact fixes.
The AWS shared responsibility model explained
AWS secures the cloud; you secure what's in it. Here's exactly where that line falls across EC2, RDS, Lambda, and EKS -- with real breach examples.
Software Development Lifecycle (SDLC) security
A secure SDLC needs more than periodic scans. See where Veracode's upload-and-scan model leaves supply chain gaps, and how continuous, provenance-aware security closes them.
How to secure an Amazon S3 bucket
S3 misconfigurations have caused breaches from Verizon to Pegasus Airlines. Here's what actually secures a bucket—defaults, policies, encryption, and monitoring that hold.
Vulnerability Scanner Tools: how they work
A breakdown of how SAST, DAST, SCA, and container vulnerability scanner tools actually work, where Veracode fits, and why false positives remain the industry's biggest problem.
AWS IAM permissions boundaries best practices
How AWS IAM permissions boundaries cap delegated identities, differ from SCPs, and where teams get privilege escalation wrong.