Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
Cheat sheet: 10 Bitbucket security best practices
A concrete, numbers-first cheat sheet covering the 10 Bitbucket security settings that stop misconfigurations from becoming supply chain breaches.
Fixing vulnerabilities in Maven projects
Maven vulnerability remediation isn't just running mvn versions:use-latest — here's how to triage, patch, and verify fixes without breaking builds.
Fixing vulnerabilities in Gradle projects
Gradle's resolved dependency graph rarely matches build.gradle. Here's how to find, force-fix, and lock vulnerable transitive dependencies for good.
The ultimate guide to creating a secure Python package
A concrete, numbers-first guide to locking dependencies, signing releases, and scanning for CVEs when building a secure Python package.
Command injection in Python: examples and prevention
Python command injection lets attackers run arbitrary OS commands via os.system() or subprocess. Learn how it works, a real CVE, and how to prevent it.
Code injection in Python: examples and prevention
How Python code injection (CWE-94) works, real CVEs like PyYAML's CVE-2020-14343, and concrete steps to detect and fix it before attackers do.
Application security testing types, trends, and top tools
A breakdown of the six core types of application security testing, how Mend.io's SCA-first approach compares to the broader market, and the tools and trends shaping AppSec in 2026.
10 dimensions of Python static analysis
Python static analysis spans ten distinct techniques, from AST linting to reachability analysis — most teams run only two or three, missing real exploitable risk.
Symmetric vs asymmetric encryption: practical Python examples
Symmetric vs asymmetric encryption explained with working Python code: AES-256-GCM, RSA-OAEP, hybrid encryption, and the mistakes that cause real breaches.
Using Python libraries for secure network communication
A look at requests, urllib3, cryptography, and paramiko: real CVEs (Terrapin, header leaks), insecure defaults, and how to pin them safely.
Rust memory safety and its security advantages
Memory safety bugs cause ~70% of Microsoft's CVEs. Here's how Rust's ownership model eliminates them at compile time, with real CVE examples.
Type-safe languages and their security benefits
Type safety eliminates entire CVE classes, not one bug at a time. Here's what the Microsoft, Google, and CISA data actually shows about the security payoff.