Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
WebAssembly (WASM) security considerations
A 2018 WASM cryptominer hit 4,275+ websites in a day. Learn WebAssembly's real security risks, from memory bugs to supply chain blind spots.
Securing gRPC microservice communication
gRPC's binary, multiplexed transport breaks REST-era security tooling. Here's how to fix mTLS gaps, reflection exposure, and per-method authorization.
Microservices security: authentication between services
Service-to-service auth stops lateral movement between microservices. Learn how mTLS, OAuth2, and SPIFFE/SPIRE secure internal calls in production.
Bringing developer-first application security to C/C++
C/C++ still powers critical infrastructure but lags in AppSec tooling. Safeguard brings SBOM, reachability, and auto-fix to native code security.
Consolidating AppSec tools with an ASPM platform
Most AppSec teams run 10-15 disconnected tools. Here's how ASPM platforms consolidate them, why reachability changes what "critical" means, and how to evaluate one.
Security debt vs security risk: how to measure both
Security debt and security risk are measured differently and demand different remediation clocks. Here's how to quantify each — and where they collide.
Static analysis (SAST) buyer's guide for enterprise teams
A concrete buyer's guide to enterprise SAST: false-positive rates, reachability analysis, POC criteria, SBOM integration, and real pricing benchmarks for 2026.
Consolidating point solutions into a unified AppSec platform
Point solutions for SAST, SCA, DAST, and secrets scanning create duplicate alerts and blind spots — here's why teams are unifying AppSec now.
Preventing broken access control in Express.js applications
Express.js ships with no built-in authorization layer, making broken access control easy to introduce and hard to catch with pattern-based scanners.
Security concerns of using the Node.js VM module as a sandbox
Node's vm module and vm2 were never a security boundary. Four critical CVEs and a 2023 deprecation prove why untrusted-code sandboxes need real isolation.
What is Application Security (AppSec)
Application security spans SAST, SCA, secrets and container scanning. See how AppSec differs from DevSecOps, why it's now board-level, and how Safeguard prioritizes fixes.
Static Application Security Testing (SAST)
SAST scans source code for exploitable flaws before deployment. Learn how it works, how it differs from DAST/SCA, and where it falls short.