Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

Property-Based Testing for Security: Defining Invariants That Must Never Break

Property-based testing defines invariants about program behavior and generates thousands of test cases automatically. For security code, the right properties can catch vulnerabilities that example-based tests miss.

Dec 5, 20225 min read
Application Security

WAF Rule Writing Best Practices: From Alert Fatigue to Actionable Protection

Most WAF deployments drown in false positives because the rules were never tuned. Here is how to write rules that protect without blocking legitimate traffic.

Nov 12, 20226 min read
Application Security

Taming Static Analysis: A Practical Guide to False Positive Reduction

False positives kill SAST adoption faster than anything else. Here is how to cut through the noise without missing real vulnerabilities.

Nov 12, 20227 min read
Application Security

Browser Extension Attacks and the Supply Chain

Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.

Nov 5, 20226 min read
Application Security

Angular Application Security Checklist

A practical security checklist for Angular applications covering XSS prevention, dependency management, and secure configuration.

Sep 12, 20224 min read
Application Security

CORS Misconfiguration Exploitation: The Silent API Exposure

CORS misconfigurations are one of the most common web security issues. They silently expose your APIs to cross-origin data theft.

Sep 12, 20225 min read
Application Security

Security Misconfiguration Checklist: The Low-Hanging Fruit Attackers Love

Misconfigurations are the easiest vulnerabilities to find and exploit. Here is a practical checklist for web servers, frameworks, cloud services, and databases.

Sep 8, 20226 min read
Application Security

Mutation Testing for Security Validation: Testing Your Tests

Mutation testing measures whether your security tests actually catch bugs by introducing small changes to code and checking if tests fail. Here is how to apply it to security-critical code.

Aug 5, 20225 min read
Application Security

NoSQL Injection and MongoDB: Prevention Guide

NoSQL injection attacks exploit the query languages of non-relational databases to bypass authentication, extract data, and modify records. This guide focuses on MongoDB injection with defenses applicable to all NoSQL databases.

Aug 5, 20226 min read
Application Security

Protocol Buffer Security Considerations Beyond Serialization

Protobuf is everywhere in modern infrastructure. Its security implications go beyond just serialization format choice. Here is what to watch.

Jul 8, 20225 min read
Application Security

SAST vs DAST vs IAST: Which Application Security Testing Approach Fits Your Pipeline?

A practical comparison of SAST, DAST, and IAST — when to use each, where they overlap, and why most teams need more than one.

Jul 8, 20227 min read
Application Security

WebAssembly Security: A Deep Dive into the Sandbox Model

WebAssembly promises near-native performance with a strong security sandbox. But the sandbox model has nuances that developers and security teams must understand to avoid dangerous assumptions.

Jul 5, 20227 min read
Application Security (Page 39) — Supply Chain Security Blog | Safeguard