Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

Reachability Analysis for Python and pip in 2026

Python reachability is hard but useful: dynamic dispatch, monkey-patching, optional extras, and how modern tools handle real Django and FastAPI services.

Feb 26, 20266 min read
Application Security

CodeQL vs Semgrep: A 2026 Buyer Comparison

A practical head-to-head between CodeQL and Semgrep in 2026: query power, performance, rule authoring, and where each tool earns its place in a modern SAST program.

Feb 20, 20265 min read
Application Security

VS Code Extensions and Supply Chain Risk in 2026

VS Code extensions run with full editor privileges and broad filesystem access. A look at the real attacks, the marketplace's blind spots, and how to harden the workstation.

Feb 20, 20266 min read
Application Security

IAST vs RASP: A Decision Tree for 2026

When to deploy IAST, when to deploy RASP, and when to skip both. A pragmatic decision tree based on application architecture, threat model, and operational maturity.

Feb 18, 20266 min read
Application Security

YAML Deserialization Attacks: The Config File That Runs Code

YAML's type system allows object instantiation during parsing. In many languages, this means a YAML file can execute arbitrary code.

Feb 18, 20264 min read
Application Security

How to set up secrets scanning in git repositories

A step-by-step guide to secrets scanning in git repositories using gitleaks and trufflehog, covering pre-commit hooks, CI enforcement, and history audits.

Feb 16, 20267 min read
Application Security

How to configure OWASP ZAP for automated scanning

A step-by-step guide to configuring OWASP ZAP for automated scanning in CI/CD, from Docker setup through baseline and API scans to pipeline gating.

Feb 15, 20268 min read
Application Security

What is Attack Path Analysis

Attack path analysis maps how vulnerabilities and misconfigurations chain together into real exploit routes, cutting 10,000+ findings down to the handful that matter.

Feb 12, 20267 min read
Application Security

Reachability Analysis for Rust and Cargo in 2026

How reachability analysis cuts noise for Rust services: cargo features, conditional compilation, RustSec advisories, and the tools that handle Rust well.

Feb 11, 20266 min read
Application Security

How to implement OAuth 2.0 securely

A step-by-step guide to implementing OAuth 2.0 securely: PKCE, redirect URI validation, token storage, and the vulnerabilities to avoid.

Feb 10, 20267 min read
Application Security

How to set up API rate limiting

A practical, step-by-step guide to setting up API rate limiting — gateway and app-layer configs, algorithm choices, per-endpoint tuning, and how to verify it actually blocks abuse.

Feb 10, 20267 min read
Application Security

What is Static Code Analysis

Static code analysis scans source code for flaws before it runs. Here's how SAST works, what it catches, and where it falls short without reachability context.

Feb 7, 20266 min read
Application Security (Page 28) — Supply Chain Security Blog | Safeguard