Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

OAuth Token Security Throughout the Lifecycle

OAuth tokens grant access to APIs, services, and user data. Their security across creation, storage, use, and revocation determines your application risk posture.

Nov 8, 20234 min read
Application Security

React Native Security Considerations for Mobile Supply Chains

React Native introduces unique security challenges at the intersection of JavaScript and native mobile code. Understanding these risks is essential for securing cross-platform mobile applications.

Nov 5, 20237 min read
Application Security

API Security Testing Against the OWASP API Top 10: A Hands-On Guide

APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.

Nov 5, 20237 min read
Application Security

TypeScript Security Best Practices

How TypeScript's type system helps catch security bugs at compile time, and what it cannot protect you from.

Oct 15, 20235 min read
Application Security

Progressive Web App Security: The Risks Hiding in the Browser

PWAs blur the line between websites and applications. Their security model is browser-based, which introduces different risks than native applications.

Oct 12, 20235 min read
Application Security

HTTP/2 Rapid Reset: The Largest DDoS Attacks in Internet History

CVE-2023-44487 exploits a design flaw in HTTP/2 to amplify DDoS attacks, enabling record-breaking attacks peaking at 398 million requests per second.

Oct 10, 20235 min read
Application Security

JSON Parsing Library Vulnerabilities You Should Know About

JSON is the lingua franca of APIs, but the libraries that parse it have had serious security issues. Here is what to watch for in your stack.

Sep 28, 20235 min read
Application Security

Spring Boot Security and Dependency Management

Securing Spring Boot applications with dependency management BOMs, vulnerability scanning, and hardened configurations.

Sep 20, 20234 min read
Application Security

API Security Through the Supply Chain Lens

APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.

Sep 12, 20237 min read
Application Security

DAST Tool Comparison for Enterprise: What Matters Beyond Feature Lists

Enterprise DAST tools differ in how they handle modern application architectures, API testing, and CI/CD integration. Here is what to evaluate when choosing a DAST solution.

Sep 5, 20235 min read
Application Security

Template Injection (SSTI) Prevention Guide

Server-Side Template Injection turns template engines into code execution engines. This guide covers SSTI in Jinja2, Twig, Freemarker, and other engines, with detection techniques and layered defenses.

Aug 5, 20235 min read
Application Security

IAST Explained: Why Instrumented Security Testing Catches What Others Miss

IAST combines the precision of SAST with the realism of DAST. Here is how it works, where it fits, and what it actually costs to deploy.

Jul 22, 20237 min read
Application Security (Page 37) — Supply Chain Security Blog | Safeguard