Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
Property-Based Testing for Security: Defining Invariants That Must Never Break
Property-based testing defines invariants about program behavior and generates thousands of test cases automatically. For security code, the right properties can catch vulnerabilities that example-based tests miss.
WAF Rule Writing Best Practices: From Alert Fatigue to Actionable Protection
Most WAF deployments drown in false positives because the rules were never tuned. Here is how to write rules that protect without blocking legitimate traffic.
Taming Static Analysis: A Practical Guide to False Positive Reduction
False positives kill SAST adoption faster than anything else. Here is how to cut through the noise without missing real vulnerabilities.
Browser Extension Attacks and the Supply Chain
Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.
Angular Application Security Checklist
A practical security checklist for Angular applications covering XSS prevention, dependency management, and secure configuration.
CORS Misconfiguration Exploitation: The Silent API Exposure
CORS misconfigurations are one of the most common web security issues. They silently expose your APIs to cross-origin data theft.
Security Misconfiguration Checklist: The Low-Hanging Fruit Attackers Love
Misconfigurations are the easiest vulnerabilities to find and exploit. Here is a practical checklist for web servers, frameworks, cloud services, and databases.
Mutation Testing for Security Validation: Testing Your Tests
Mutation testing measures whether your security tests actually catch bugs by introducing small changes to code and checking if tests fail. Here is how to apply it to security-critical code.
NoSQL Injection and MongoDB: Prevention Guide
NoSQL injection attacks exploit the query languages of non-relational databases to bypass authentication, extract data, and modify records. This guide focuses on MongoDB injection with defenses applicable to all NoSQL databases.
Protocol Buffer Security Considerations Beyond Serialization
Protobuf is everywhere in modern infrastructure. Its security implications go beyond just serialization format choice. Here is what to watch.
SAST vs DAST vs IAST: Which Application Security Testing Approach Fits Your Pipeline?
A practical comparison of SAST, DAST, and IAST — when to use each, where they overlap, and why most teams need more than one.
WebAssembly Security: A Deep Dive into the Sandbox Model
WebAssembly promises near-native performance with a strong security sandbox. But the sandbox model has nuances that developers and security teams must understand to avoid dangerous assumptions.