Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

AngularJS security fundamentals

AngularJS has been unpatched since January 2022, yet it still runs in production. Here's the CVE history, the sandbox saga, and how to find your exposure.

May 26, 20267 min read
Application Security

Top SAST solutions compared for 2026

Comparing Safeguard and Mend.io on SAST scope, CI/CD fit, and compliance coverage—what's verifiable, what to test yourself, and how a unified platform changes the tradeoffs.

May 26, 20268 min read
Application Security

10 Spring Boot security best practices

Ten concrete Spring Boot security practices, with real CVEs, config flags, and file paths, to close the gaps attackers actually exploit.

May 25, 20267 min read
Application Security

Best application security testing providers ranked

Mend.io built its reputation on SCA and open source dependency scanning. Here's how Safeguard's supply chain security approach compares.

May 25, 20267 min read
Application Security

A guide to input validation with Spring Boot

Spring Boot doesn't validate input by default. Here's how Bean Validation actually works, where teams get it wrong, and how missing validation leads to injection and mass assignment.

May 25, 20266 min read
Application Security

How to secure Python Flask applications

Flask ships without built-in CSRF, headers, or session hardening. Here's how real CVEs like debug-mode RCE and cookie forgery get exploited—and stopped.

May 25, 20266 min read
Application Security

Securing Django applications from common vulnerabilities

Django's secure-by-default reputation hides real gaps: SQL injection via Trunc()/Extract(), ReDoS in Truncator, and misconfigured DEBUG settings still cause incidents.

May 25, 20266 min read
Application Security

Comparing Node.js frameworks for security: Express, Fastify, NestJS

Express, Fastify, and NestJS compared on real CVE history, default security posture, and dependency risk — plus how to close the gaps framework choice alone can't.

May 24, 20267 min read
Application Security

5 Node.js security code snippets every backend developer should know

Five real Node.js vulnerability patterns with vulnerable-vs-fixed code: prototype pollution, NoSQL injection, missing headers, path traversal, and JWT flaws.

May 24, 20268 min read
Application Security

Securing Next.js applications and middleware

CVE-2025-29927 let attackers bypass Next.js middleware auth with one header. Here's how that and three other real CVEs expose middleware, Server Actions, and caching.

May 24, 20267 min read
Application Security

5 best practices for React with TypeScript security

TypeScript's type system stops at compile time. Five concrete practices — with real CVEs and incidents — for securing React + TypeScript apps against what it misses.

May 23, 20266 min read
Application Security

10 GitHub security best practices

10 concrete GitHub security controls—2FA, push protection, branch rules, pinned Actions, SBOM—with real CVEs and dates security teams can act on today.

May 23, 20267 min read
Application Security (Page 18) — Supply Chain Security Blog | Safeguard