Application Security
In-depth guides and analysis on application security from the Safeguard engineering team.
480 articles
Secrets Management: Preventing Credential Leaks in Your Software Supply Chain
Hardcoded credentials remain the most common source of breaches. Despite a decade of tooling improvements, secrets keep leaking through source code, container images, CI logs, and dependency configurations. Here is how to actually fix it.
The OWASP Top 10 (2021) Through a Supply Chain Security Lens
The 2021 OWASP Top 10 added supply chain risks for the first time. Here is what each category means when your code is mostly someone else's code.
Electron App Supply Chain Security: Desktop Apps Built on Web Dependencies
Electron apps ship a full Chromium browser and Node.js runtime to the desktop. That means every web supply chain risk becomes a desktop attack surface — with elevated privileges.
TLS Configuration Security Audit: What to Check and How
A misconfigured TLS setup can be worse than no encryption at all because it creates false confidence. Here is how to audit your TLS configuration properly.
Broken Access Control: The Number One Web Vulnerability and How to Fix It
Access control moved to the top of the OWASP Top 10 in 2021. Here is why it is so hard to get right and what a solid authorization architecture looks like.
Regular Expression Denial of Service (ReDoS): Detection and Prevention
A single bad regex can bring down your entire application. ReDoS attacks exploit catastrophic backtracking to consume unbounded CPU time.
Fuzz Testing Supply Chain Components: Finding Bugs Before Attackers Do
Fuzz testing discovers crashes, memory corruption, and logic errors by feeding random inputs to software. Applied to supply chain components, it reveals vulnerabilities that code review and static analysis miss.
Vulnerability Disclosure Programs: Building Trust with Security Researchers
A well-designed vulnerability disclosure program turns external researchers into force multipliers for your security team. A poorly-designed one guarantees your vulnerabilities end up on Twitter instead of your inbox.
gRPC Security Considerations for Microservice Architectures
gRPC powers high-performance microservice communication, but its binary protocol and code generation model introduce unique security challenges most teams overlook.
Binary Analysis for Supply Chain Verification
When you can't audit source code, binary analysis becomes your last line of defense. Understanding how to verify compiled artifacts is critical for catching supply chain compromises.
Regular Expression Denial of Service (ReDoS): When Patterns Attack
A single poorly written regex can take down your server. ReDoS is a subtle denial-of-service vulnerability hiding in dependencies you have never audited.
MessagePack Security Implications: Binary Serialization Risks
MessagePack is faster than JSON but shares some of JSON's security pitfalls while adding new ones. Here is what to watch for.