Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
.NET and NuGet dependency vulnerability management
NuGet packages have delivered RATs, crypto stealers, and undisclosed data collection to .NET teams. Here's how to detect and defend against .NET/NuGet supply chain risk.
Securing Laravel PHP applications
CVE-2021-3129, leaked APP_KEYs, and Eloquent mass assignment still compromise Laravel apps in 2026 — here's how each attack works and how to close it.
Securing WordPress plugin dependencies
Real CVEs, a supply-chain hack that hit 360,000 sites, and bundled-library blind spots: what WordPress plugin security actually requires in 2026.
First-Party Code vs Open Source Risk: Where Should AppSec...
First-party code and open source dependencies are one attack surface. See how Safeguard's unified scanning compares to Endor Labs' open-source-first approach.
AI SAST: How AI-Native Static Analysis Finds Business Log...
Traditional SAST can't see business logic flaws because there's no bad syntax to match. Here's how AI-native static analysis finds them, and how Safeguard's approach compares to Endor Labs.
AI Security Code Review for Pull Requests
How AI code review security works in pull requests, where Endor Labs stops short, and what closes the gap between diff review and real supply chain risk.
Secrets Detection in Source Code: What Gets Missed by Reg...
Regex-based secrets scanners miss encoded, multi-line, and historical secrets in git history. Here is what a real secrets detection tool must catch.
Secrets management: tools and best practices
Secrets leak because of workflow gaps, not carelessness. Here's how vaults, scanners, and rotation policies actually stop credential exposure.
Finding and fixing exposed hardcoded secrets in GitHub projects
Hardcoded secrets leak into GitHub every day and get exploited within minutes. Here's how to find, fix, and prevent exposed credentials at scale.
SAST vs DAST vs SCA vs IAST
SAST, DAST, SCA, and IAST each test different risk. See how Safeguard's unified platform compares to Socket.dev's SCA-focused approach to supply chain security.
Endor Labs vs Snyk SCA 2026
Endor Labs built its SCA platform around reachability from day one. How does that architectural bet compare to Snyk's incumbent position in 2026?
Taint Analysis vs Reachability: What You Actually Need in 2026
Taint and reachability sound similar and answer different questions. Here is when each one matters, where vendors blur the line, and how to use both.