Safeguard
Topic

AppSec

In-depth guides and analysis on appsec from the Safeguard engineering team.

114 articles

AppSec

Application Security Companies: An Evaluation Checklist

A concrete checklist for evaluating application security companies in 2026 — coverage, false-positive handling, integration depth, and the questions vendor demos are designed to dodge.

Jan 15, 20265 min read
AppSec

AppSec Solutions: A Market Map for 2026

The appsec solutions market has consolidated around a handful of shapes — code-first platforms, cloud-native suites, and point scanners — and picking the right shape matters more than picking a brand.

Jan 14, 20265 min read
AppSec

SAST Tools: A Shortlist Worth Evaluating

A working sast tools list should separate what free sast tools handle well from what only becomes worthwhile once you're paying for language coverage, tuning, and CI/CD depth.

Jan 14, 20265 min read
AppSec

Code Security Scanners: Choosing One for Your Stack

The right code security scanner depends less on which vendor's marketing sounds best and more on language coverage, false-positive rate, and whether it fits into the workflow developers already use.

Dec 2, 20255 min read
AppSec

The Benefits of Using SAST Tools During Code Review

The real benefit of using SAST tools during code review isn't finding more bugs than a human reviewer — it's finding the specific bugs humans consistently miss, before merge.

Nov 12, 20256 min read
AppSec

Black Box Fuzzing, Explained

Black box fuzzing throws malformed input at a running application with zero knowledge of its internals, and it still finds crashes and memory bugs white box testing misses — here's how it works and where it fits in a security program.

Nov 6, 20256 min read
AppSec

Mobile Security Testing: OWASP MAS in Practice

OWASP MAS turns mobile app security from ad-hoc pentests into a program: what the eight MASVS control groups cover, how MASTG test cases work, and how to fit it all into CI.

Nov 5, 20256 min read
AppSec

Web Application Scanning: Tools and Methods Compared

Web application scanning ranges from free automated crawlers to full authenticated DAST pipelines — here's how the methods differ and when each is enough.

Nov 5, 20255 min read
AppSec

Dynamic Scanning, Explained for Engineers Who Aren't Security Specialists

Dynamic scanning tests a running application the way an attacker would, by sending it requests and watching what comes back. Here's what that actually involves and when it's the right tool.

Nov 4, 20256 min read
AppSec

Java Code Security: A Practical Checklist

Java code security has a specific set of recurring failure modes — deserialization, XXE, dependency sprawl — this checklist covers the ones worth checking on every review.

Sep 25, 20255 min read
AppSec

SAST, DAST, and SCA: The Three Scanner Types You Actually Need

Each scanner type answers a different question about your application. Here's what SAST, DAST, and SCA each catch, and why running just one leaves gaps.

Sep 23, 20255 min read
AppSec

Web Application Vulnerability Scanners, Compared

Web application vulnerability scanners range from free online URL checkers to full DAST platforms — here's how the categories differ and which one actually matches your risk.

Sep 23, 20255 min read
AppSec (Page 3) — Supply Chain Security Blog | Safeguard