Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

Secrets Management: Preventing Credential Leaks in Your Software Supply Chain

Hardcoded credentials remain the most common source of breaches. Despite a decade of tooling improvements, secrets keep leaking through source code, container images, CI logs, and dependency configurations. Here is how to actually fix it.

Jun 22, 20229 min read
Application Security

The OWASP Top 10 (2021) Through a Supply Chain Security Lens

The 2021 OWASP Top 10 added supply chain risks for the first time. Here is what each category means when your code is mostly someone else's code.

Jun 15, 20228 min read
Application Security

Electron App Supply Chain Security: Desktop Apps Built on Web Dependencies

Electron apps ship a full Chromium browser and Node.js runtime to the desktop. That means every web supply chain risk becomes a desktop attack surface — with elevated privileges.

Jun 12, 20225 min read
Application Security

TLS Configuration Security Audit: What to Check and How

A misconfigured TLS setup can be worse than no encryption at all because it creates false confidence. Here is how to audit your TLS configuration properly.

Jun 8, 20224 min read
Application Security

Broken Access Control: The Number One Web Vulnerability and How to Fix It

Access control moved to the top of the OWASP Top 10 in 2021. Here is why it is so hard to get right and what a solid authorization architecture looks like.

May 25, 20226 min read
Application Security

Regular Expression Denial of Service (ReDoS): Detection and Prevention

A single bad regex can bring down your entire application. ReDoS attacks exploit catastrophic backtracking to consume unbounded CPU time.

May 8, 20224 min read
Application Security

Fuzz Testing Supply Chain Components: Finding Bugs Before Attackers Do

Fuzz testing discovers crashes, memory corruption, and logic errors by feeding random inputs to software. Applied to supply chain components, it reveals vulnerabilities that code review and static analysis miss.

Apr 5, 20225 min read
Application Security

Vulnerability Disclosure Programs: Building Trust with Security Researchers

A well-designed vulnerability disclosure program turns external researchers into force multipliers for your security team. A poorly-designed one guarantees your vulnerabilities end up on Twitter instead of your inbox.

Mar 22, 20225 min read
Application Security

gRPC Security Considerations for Microservice Architectures

gRPC powers high-performance microservice communication, but its binary protocol and code generation model introduce unique security challenges most teams overlook.

Dec 5, 20216 min read
Application Security

Binary Analysis for Supply Chain Verification

When you can't audit source code, binary analysis becomes your last line of defense. Understanding how to verify compiled artifacts is critical for catching supply chain compromises.

Oct 5, 20216 min read
Application Security

Regular Expression Denial of Service (ReDoS): When Patterns Attack

A single poorly written regex can take down your server. ReDoS is a subtle denial-of-service vulnerability hiding in dependencies you have never audited.

Aug 20, 20214 min read
Application Security

MessagePack Security Implications: Binary Serialization Risks

MessagePack is faster than JSON but shares some of JSON's security pitfalls while adding new ones. Here is what to watch for.

Jun 25, 20215 min read
Application Security (Page 40) — Supply Chain Security Blog | Safeguard