Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

Web Application Security Standards overview

A breakdown of OWASP, NIST SSDF, and PCI DSS 4.0 web application security standards, where Veracode's scanning model covers them, and where supply-chain gaps remain.

Jun 20, 20267 min read
Application Security

Top 10 Azure security risks and prevention

Real Azure breaches — BlueBleed, ChaosDB, OMIGOD, Midnight Blizzard — trace back to storage misconfigs, identity sprawl, and exposed secrets, not zero-days.

Jun 20, 20267 min read
Application Security

OWASP Testing Tools and Methodology

OWASP testing tools cover the methodology; Veracode wraps part of it commercially. Neither was built for supply chain risk — here's where the gaps are and how to close them.

Jun 20, 20267 min read
Application Security

GCP IAM security best practices

GCP IAM misconfigurations, not exploits, cause most cloud breaches. Here is how to enforce least privilege, lock down service accounts, and audit access.

Jun 19, 20267 min read
Application Security

Breaking free from alert fatigue in AppSec

Veracode-style scanners flood AppSec teams with thousands of unranked alerts. Here's why appsec alert fatigue happens, what it costs, and how reachability-based triage fixes it.

Jun 16, 20268 min read
Application Security

Securing AWS Lambda functions

A practical guide to AWS Lambda security best practices: IAM scoping, dependency risk, secrets handling, and runtime detection for serverless apps.

Jun 16, 20267 min read
Application Security

Enterprise AppSec risk management at scale

Black Duck built its platform on decades of license-compliance SCA and acquired tools. Safeguard built a unified, reachability-aware supply-chain risk platform from day one.

Jun 13, 20267 min read
Application Security

Why LLM API keys should be treated as tier-zero secrets

A leaked LLM API key is a blank check and a data pipe in one credential. Here's why it demands tier-zero controls—and why tools like Black Duck never see it.

Jun 12, 20268 min read
Application Security

BSIMM16 report: benchmarking software security program ma...

BSIMM16 shows AI now drives more security program change than any other force, with 111 firms assessed and SBOM use up nearly 30%. Here's what it means — and its blind spots.

Jun 12, 20267 min read
Application Security

Reachability Analysis as the Missing Piece of SCA

Most SCA-flagged vulnerabilities aren't exploitable. Here's why reachability analysis — not just dependency matching — is what separates real risk from noise, and where Sonatype falls short.

Jun 7, 20268 min read
Application Security

OWASP Top 10 vulnerabilities explained

A breakdown of all 10 OWASP Top 10 categories with real CVEs (Log4Shell, Equifax, Heartbleed) mapped to each, and stats on which risks hit production most.

Jun 4, 20266 min read
Application Security

Container Security for the Software Supply Chain

Container scanning means more than SCA: OS layers, secrets, and provenance matter too. See the gaps in SCA-first tools and how Safeguard closes them.

Jun 4, 20267 min read
Application Security (Page 15) — Supply Chain Security Blog | Safeguard