Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

Electron ContextBridge Security: Building Safe Desktop Apps

Electron's ContextBridge is the secure boundary between web content and Node.js APIs. This guide covers how to use it correctly, common mistakes that create RCE vulnerabilities, and security best practices for Electron applications.

Jul 5, 20236 min read
Application Security

Runtime Application Self-Protection (RASP): A Practical Guide

RASP embeds security directly into the application runtime, detecting and blocking attacks from inside the app. It's powerful, controversial, and misunderstood. Here's what actually works.

Jun 25, 20239 min read
Application Security

TLS Library Comparison: OpenSSL vs BoringSSL vs LibreSSL vs rustls

Your TLS library choice has massive security implications. Here is an honest comparison of the major options and what each trade-off means.

May 25, 20235 min read
Application Security

Django Security and Supply Chain Guide

Securing Django applications with built-in security features, dependency management, and supply chain protections.

May 15, 20234 min read
Application Security

Subresource Integrity Failures: When CDN Trust Goes Wrong

SRI protects against CDN compromises and supply chain attacks on client-side scripts. Most web applications do not use it. Here is what they are missing.

May 12, 20235 min read
Application Security

Dynamic Application Security Testing: A Practitioner's Guide to DAST Done Right

DAST finds what source code analysis cannot. Here is how to set it up, tune it, and actually get value from it in a modern CI/CD pipeline.

Mar 18, 20237 min read
Application Security

PWA Service Worker Attack Surface: What Security Teams Overlook

Service workers give Progressive Web Apps powerful offline and caching capabilities, but they also create a persistent attack surface that outlives the browser tab. Understanding this surface is critical.

Mar 5, 20237 min read
Application Security

Cryptographic Library Selection Guide: Choosing Wisely for Your Stack

Picking the wrong crypto library means either rolling your own crypto or using a library with a poor security track record. Here is how to choose.

Jan 22, 20235 min read
Application Security

Sensitive Data Exposure Prevention: Protecting Data at Rest, in Transit, and in Use

Data exposure is not just about encryption. It is about knowing where your sensitive data lives, how it moves, and who can access it at every stage.

Jan 15, 20236 min read
Application Security

CSP Bypass Techniques and Prevention: Beyond the Basics

Content Security Policy is the strongest browser-side defense against XSS. But most CSP deployments are bypassable. Here is why, and how to fix it.

Jan 12, 20235 min read
Application Security

Vue.js Security Best Practices

Securing Vue.js applications from template injection, XSS through v-html, and third-party plugin risks.

Jan 8, 20234 min read
Application Security

LDAP Injection Prevention Guide

LDAP injection attacks manipulate directory service queries to bypass authentication, extract sensitive data, and enumerate user accounts. This guide covers attack techniques and practical defenses for applications using LDAP.

Dec 5, 20226 min read
Application Security (Page 38) — Supply Chain Security Blog | Safeguard