Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
Code Review vs Static Analysis
Code review and static analysis catch different bugs at different gates. Here's how they differ, where each fails, and how to combine them.
Attack Surface Management (ASM): best practices guide
A practical attack surface management best practices guide for software supply chains, covering SBOMs, base image hardening, CI/CD exposure, and a 90-day rollout plan.
Application security assessments: a practical guide
A practical, numbers-based guide to running application security assessments -- scope, cadence, findings, and how Safeguard compares to image-hardening tools like Chainguard.
Next-Gen SCA Explained: What Changed in 2026
Next-gen SCA tools moved past package-tree scanning to reachability, runtime context, and exploit signal. Here's what actually changed and why it matters.
Attack surface reduction: practical strategies to minimiz...
Base images are one layer. Real attack surface reduction covers dependencies, build pipelines, and provenance too — here's what Chainguard's approach misses.
Best Secrets Detection Tools: 2026 Buyer's Guide
A field comparison of the best secrets detection tools in 2026 across precision, secret variety, and CI integration for teams hardening their supply chain.
Reachability Analysis for Ruby and RubyGems in 2026
Ruby reachability under metaprogramming, Rails autoloading, and Bundler groups. What bundler-audit and modern tools handle, and where they punt to over-approximation.
What is API Security
API security explained: what it is, why APIs are the top breach vector, the OWASP API Top 10, real breaches, and how to test and monitor endpoints.
API Security Testing Checklist & Best Practices
A concrete API security testing checklist covering OWASP API Top 10 risks, BOLA, SSRF, testing cadence, SAST/DAST, and how Safeguard closes the gaps.
How to Secure REST APIs
REST APIs keep failing the same way: BOLA, weak auth, shadow endpoints. Real breaches (T-Mobile, Optus, Peloton) and concrete fixes for each.
What is GraphQL Security
GraphQL's flexibility creates unique risks—excessive data exposure, DoS via nested queries, and broken field-level authorization. Here's how to defend it.
OWASP API Security Top 10 Explained
The 2023 OWASP API Security Top 10 explained with real breaches — T-Mobile, Optus, Peloton — plus what changed since 2019 and how to prioritize fixes.