Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
OWASP API Security Top 10 risks explained
The OWASP API Security Top 10 ranks BOLA, broken auth, SSRF, and 7 more API risks behind breaches like Optus and T-Mobile — explained with real incidents.
Implementing the OWASP Top 10 Proactive Controls
A field guide to the OWASP Top 10 Proactive Controls: what each control requires, real breach examples like Equifax, and how to implement them in CI/CD.
What is SAST? Static Application Security Testing explained
SAST scans source code for vulnerabilities before deployment. Learn how it works, where it fits vs. DAST/SCA, its false-positive limits, and 2026 tooling.
What is DAST? Dynamic Application Security Testing explained
DAST tests running applications like an attacker would. Learn how it works, how it differs from SAST, and where it falls short.
SAST vs DAST vs SCA: choosing the right tool
SAST, DAST, and SCA each answer a different security question — here's what each catches, when to run them, and how to prioritize the flood of findings.
What Is Perimeter Protection in Application Security
Perimeter protection screens packages at the gate — but xz-utils, SolarWinds, and event-stream all slipped past firewalls. Here's what it catches, and what it misses.
SAST vs DAST: static and dynamic application security tes...
SAST catches insecure code before deploy; DAST tests running apps after. We compare both against JFrog's Artifactory-first model and Safeguard's supply-chain-native approach.
How to secure a REST API
REST API breaches from T-Mobile to Optus trace to a handful of recurring mistakes. Here's how to fix authorization, auth, injection, and rate limiting.
SQL injection cheat sheet: 8 best practices to prevent it
SQL injection still breaches Fortune 500s in 2026. Here are 8 concrete practices — from parameterized queries to reachability analysis — that actually stop it.
Regular Expression Denial of Service (ReDoS) explained
ReDoS turns a single crafted string into an exponential-time attack. Here's how catastrophic backtracking works, real CVEs, and how to detect it.
Zip Slip vulnerability cheat sheet
A concrete, question-driven cheat sheet on Zip Slip: how the archive-extraction path traversal bug works, real CVEs, and how to detect and fix it.
Preventing path traversal (directory traversal) attacks
Path traversal lets attackers read or write files outside a web app's directory using ../ sequences. Here's how it works and how to stop it.