Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
SonarQube SCA Capability Review 2026
A working review of SonarQube's SCA capability in 2026, comparing it against dedicated SCA tools on coverage, reachability, policy depth, and developer experience.
How to prevent log injection vulnerabilities in Java
Log injection let attackers turn Log4j logging calls into remote code execution in 2021. Here's how CWE-117 works in Java and how to stop it.
FOSSA vs Snyk SCA Comparison 2026
Two SCA platforms with very different roots: FOSSA from license compliance, Snyk from vulnerability scanning. Which one fits which buyer profile in 2026?
iOS application security best practices
Concrete iOS app security controls—Keychain data protection, ATS, dependency vetting, and privacy manifests—grounded in real CVEs like CocoaPods 2024 and BLASTPASS.
Android application security best practices
A practical, evidence-based guide to Android app security: data storage, network hardening, SDK risk, and CI/CD signing, with concrete CVEs and stats.
Browser extension security risks for developers
Cyberhaven's Chrome extension breach hit 400,000 users in hours. Here's how attackers hijack trusted extensions, and how to detect the risk before it spreads.
Electron app security best practices
nodeIntegration, contextIsolation, Chromium patch lag, and npm supply chain risk: the Electron security best practices that actually stop RCE.
Improving GraphQL security with static analysis
GraphQL's flexible query model breaks REST-era security assumptions. Here's how static analysis catches introspection leaks, DoS, and BOLA before deploy.
Building a secure GraphQL API with Node.js
A practical guide to securing Node.js GraphQL APIs: query complexity limits, field-level authorization, injection-safe resolvers, and CSRF hardening.
Serverless security implications from infra to OWASP
Serverless shrinks the OS attack surface but expands the IAM and dependency one. Here's how the OWASP Serverless Top 10 maps to real 2021-era incidents.
10 serverless security best practices
10 concrete, numbers-backed serverless security practices covering IAM least privilege, dependency SBOMs, event injection, and secrets management.
Securing AWS Lambda cold starts and execution permissions
Lambda cold starts inject live IAM credentials into shared execution environments — here's how over-permissioned roles and vulnerable layers turn that into a real attack surface.