Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
Mobile Application Security Testing: Beyond the OWASP Mobile Top 10
Mobile apps have unique security challenges that web-focused tools miss entirely. Here is a practical testing methodology for iOS and Android.
Capacitor and Ionic Hybrid App Security: A Practical Guide
Capacitor-based hybrid apps blend web technologies with native device access. This combination creates a unique attack surface that requires specific security strategies.
Service Worker Security Risks: The Persistent Threat in Your Browser
Service workers intercept network requests, cache content, and run in the background. When compromised, they become a persistent foothold in the browser.
YAML Deserialization Attacks and How to Prevent Them
YAML looks innocent but its deserialization features have led to remote code execution in countless applications. Here is why and how to stay safe.
React Application Security Guide
Securing React applications from XSS, dependency vulnerabilities, and common frontend attack patterns.
Express and Node.js Security Hardening
Practical security hardening for Express.js applications covering middleware, input validation, and production deployment.
IAST vs RASP: Runtime Protection Approaches Compared
Interactive Application Security Testing and Runtime Application Self-Protection both operate at runtime, but they serve different purposes. Here is how they compare and when to use each.
API Gateway Security Patterns That Actually Work
API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.
WAF Bypass Techniques and What They Mean for Supply Chain Security
Web Application Firewalls are a critical defense layer, but they are routinely bypassed. Understanding bypass techniques helps you build defense in depth rather than relying on a single control.
Deserialization Attacks in Java and Python
Insecure deserialization turns data parsing into code execution. This guide covers deserialization attacks in Java and Python, the gadget chain concept, and practical defenses for both ecosystems.
Security Considerations When Migrating from Monolith to Microservices
Decomposing a monolith into microservices changes the attack surface fundamentally. The security model that worked for the monolith will not work for the distributed system.
Java Module System Security Features: What JPMS Actually Delivers
The Java Platform Module System promised stronger encapsulation and security boundaries. Here is what it actually delivers and where the gaps remain.