Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

Mobile Application Security Testing: Beyond the OWASP Mobile Top 10

Mobile apps have unique security challenges that web-focused tools miss entirely. Here is a practical testing methodology for iOS and Android.

Mar 8, 20246 min read
Application Security

Capacitor and Ionic Hybrid App Security: A Practical Guide

Capacitor-based hybrid apps blend web technologies with native device access. This combination creates a unique attack surface that requires specific security strategies.

Mar 5, 20247 min read
Application Security

Service Worker Security Risks: The Persistent Threat in Your Browser

Service workers intercept network requests, cache content, and run in the background. When compromised, they become a persistent foothold in the browser.

Feb 12, 20246 min read
Application Security

YAML Deserialization Attacks and How to Prevent Them

YAML looks innocent but its deserialization features have led to remote code execution in countless applications. Here is why and how to stay safe.

Jan 28, 20244 min read
Application Security

React Application Security Guide

Securing React applications from XSS, dependency vulnerabilities, and common frontend attack patterns.

Jan 20, 20245 min read
Application Security

Express and Node.js Security Hardening

Practical security hardening for Express.js applications covering middleware, input validation, and production deployment.

Jan 12, 20244 min read
Application Security

IAST vs RASP: Runtime Protection Approaches Compared

Interactive Application Security Testing and Runtime Application Self-Protection both operate at runtime, but they serve different purposes. Here is how they compare and when to use each.

Jan 5, 20245 min read
Application Security

API Gateway Security Patterns That Actually Work

API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.

Dec 12, 20236 min read
Application Security

WAF Bypass Techniques and What They Mean for Supply Chain Security

Web Application Firewalls are a critical defense layer, but they are routinely bypassed. Understanding bypass techniques helps you build defense in depth rather than relying on a single control.

Dec 8, 20236 min read
Application Security

Deserialization Attacks in Java and Python

Insecure deserialization turns data parsing into code execution. This guide covers deserialization attacks in Java and Python, the gadget chain concept, and practical defenses for both ecosystems.

Dec 5, 20236 min read
Application Security

Security Considerations When Migrating from Monolith to Microservices

Decomposing a monolith into microservices changes the attack surface fundamentally. The security model that worked for the monolith will not work for the distributed system.

Nov 18, 20237 min read
Application Security

Java Module System Security Features: What JPMS Actually Delivers

The Java Platform Module System promised stronger encapsulation and security boundaries. Here is what it actually delivers and where the gaps remain.

Nov 8, 20235 min read
Application Security (Page 36) — Supply Chain Security Blog | Safeguard