Safeguard
Topic

Application Security

In-depth guides and analysis on application security from the Safeguard engineering team.

480 articles

Application Security

Reducing false positives in SAST and SCA tools

NIST benchmark data puts some SAST false-positive rates near 78%. Reachability analysis and contextual triage are how teams cut that noise without missing real risk.

Jul 9, 20266 min read
Application Security

A methodology for testing SPAs for client-side vulnerabilities

DOM XSS, token storage, and API exposure don't show up in a server-side scan — here's a repeatable methodology for testing React, Vue, and Angular apps.

Jul 9, 20266 min read
Application Security

AI code review: what it actually catches versus misses

GitClear's 211M-line study found copy-pasted code rose from 8.3% to 12.3% of changes from 2020 to 2024 — even as AI reviewers flag more comments, the defects that matter most still slip through.

Jul 8, 20266 min read
Application Security

How AI-powered SAST auto-fix engines actually work

GitHub says Copilot Autofix resolves two-thirds of flagged vulnerabilities with little editing; Snyk claims 80% fix accuracy. Here's the pipeline behind both numbers.

Jul 8, 20268 min read
Application Security

ASPM fundamentals: what application security posture management actually aggregates

Gartner coined the ASPM term in May 2023 and projects over 40% of organizations building software will adopt it by 2026 — here is what it actually does.

Jul 8, 20266 min read
Application Security

A practical AppSec maturity model: five stages, self-assessment included

OWASP SAMM v2 scores 15 practices on a 0–3 scale; BSIMM15 measured 121 firms and found SCA adoption up 67%. Here's a five-stage model to self-assess against.

Jul 8, 20267 min read
Application Security

What to Evaluate in an ASPM Solution: A 2026 Buyer's Guide

Gartner named Application Security Posture Management a category in May 2023 — three years later, most RFPs still can't distinguish a real ASPM from a dashboard bolted onto old scanners.

Jul 8, 20268 min read
Application Security

ASPM fundamentals for security teams

Gartner projects over 40% of organizations will adopt Application Security Posture Management by 2026 — here's what it actually aggregates and how to judge if yours is working.

Jul 8, 20266 min read
Application Security

A framework for integrating ASPM into an existing AppSec program

Gartner defined ASPM in May 2023 as a correlation layer, not a rip-and-replace — here's how to fold it into a toolchain you already run.

Jul 8, 20266 min read
Application Security

Why asset inventory should come before AppSec tooling

Only 17% of organizations can inventory 95%+ of their assets, and 69% have been breached through one they didn't know existed — start with the map, not the scanner.

Jul 8, 20267 min read
Application Security

Beyond vulnerability management: a risk-based approach to AppSec

Fewer than 5% of published CVEs are ever exploited in the wild, yet most teams still triage by raw count — here's the exploitability-first alternative.

Jul 8, 20267 min read
Application Security

Broken access control in Express: the OWASP #1 risk, fixed with middleware

Broken access control now shows up in 100% of tested applications, per OWASP's 2025 Top 10 — up from 94% in 2021. Here's how to close it in Express.

Jul 8, 20266 min read
Application Security (Page 7) — Supply Chain Security Blog | Safeguard