AppSec
In-depth guides and analysis on appsec from the Safeguard engineering team.
114 articles
Vite and Turbopack: Security Considerations for Next-Gen Build Tools
Vite and Turbopack represent the next generation of JavaScript build tools. Their architectures introduce new security considerations alongside their performance improvements.
Auditing AI-Generated Code: A Practical Security Guide
AI code generation tools are producing millions of lines of code daily. Here is a practical framework for auditing AI-generated code for security vulnerabilities and supply chain risks.
Webpack vs Rollup vs esbuild: A Security Comparison
Choosing a bundler is usually about speed and features. Here is how Webpack, Rollup, and esbuild compare on the dimension that matters most for supply chain security.
The Security Implications of Package Bundlers
Bundlers transform your code and dependencies into production artifacts. The security implications of this transformation are significant and widely overlooked.
Business Logic Vulnerabilities: The Flaws Scanners Cannot Find
Business logic vulnerabilities bypass every automated scanner because they are not coding errors. They are design errors. Here is how to identify and prevent them.
Modern Command Injection Prevention: Beyond the Basics
Command injection remains in the OWASP Top 10 because developers keep making the same mistakes with new tools. Here is a modern prevention guide covering containers, serverless, and CI/CD.