Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
Web Application Security Standards overview
A breakdown of OWASP, NIST SSDF, and PCI DSS 4.0 web application security standards, where Veracode's scanning model covers them, and where supply-chain gaps remain.
Top 10 Azure security risks and prevention
Real Azure breaches — BlueBleed, ChaosDB, OMIGOD, Midnight Blizzard — trace back to storage misconfigs, identity sprawl, and exposed secrets, not zero-days.
OWASP Testing Tools and Methodology
OWASP testing tools cover the methodology; Veracode wraps part of it commercially. Neither was built for supply chain risk — here's where the gaps are and how to close them.
GCP IAM security best practices
GCP IAM misconfigurations, not exploits, cause most cloud breaches. Here is how to enforce least privilege, lock down service accounts, and audit access.
Breaking free from alert fatigue in AppSec
Veracode-style scanners flood AppSec teams with thousands of unranked alerts. Here's why appsec alert fatigue happens, what it costs, and how reachability-based triage fixes it.
Securing AWS Lambda functions
A practical guide to AWS Lambda security best practices: IAM scoping, dependency risk, secrets handling, and runtime detection for serverless apps.
Enterprise AppSec risk management at scale
Black Duck built its platform on decades of license-compliance SCA and acquired tools. Safeguard built a unified, reachability-aware supply-chain risk platform from day one.
Why LLM API keys should be treated as tier-zero secrets
A leaked LLM API key is a blank check and a data pipe in one credential. Here's why it demands tier-zero controls—and why tools like Black Duck never see it.
BSIMM16 report: benchmarking software security program ma...
BSIMM16 shows AI now drives more security program change than any other force, with 111 firms assessed and SBOM use up nearly 30%. Here's what it means — and its blind spots.
Reachability Analysis as the Missing Piece of SCA
Most SCA-flagged vulnerabilities aren't exploitable. Here's why reachability analysis — not just dependency matching — is what separates real risk from noise, and where Sonatype falls short.
OWASP Top 10 vulnerabilities explained
A breakdown of all 10 OWASP Top 10 categories with real CVEs (Log4Shell, Equifax, Heartbleed) mapped to each, and stats on which risks hit production most.
Container Security for the Software Supply Chain
Container scanning means more than SCA: OS layers, secrets, and provenance matter too. See the gaps in SCA-first tools and how Safeguard closes them.