Safeguard
Topic

AppSec

In-depth guides and analysis on appsec from the Safeguard engineering team.

114 articles

AppSec

Application Security Testing Tools: SAST, DAST, IAST, and SCA Compared

Four scanner families see four different slices of your risk. What SAST, DAST, IAST, and SCA each catch and miss, and how to sequence them in CI without drowning developers.

Jun 24, 20256 min read
AppSec

DAST Tools for DevSecOps Teams

The best DAST tools for DevSecOps teams run inside CI/CD rather than as a separate pre-launch step, and Gartner's own analysis of the DAST market backs that shift as the defining trend.

Jun 23, 20255 min read
AppSec

The OWASP API Security Top 10: Each Risk Explained

The OWASP API Top 10 is a ranked list of the most common API-specific vulnerability classes, from broken object level authorization to unsafe consumption of third-party APIs.

Jun 19, 20255 min read
AppSec

DAST Testing: How Dynamic Scans Probe Running Applications

DAST testing attacks your app the way an outsider would — no source code, just HTTP requests against a running target. Here is how the scan works, what it catches that SAST misses, and where it falls short.

Jun 18, 20257 min read
AppSec

Web Session Security: A Practical Guide

Web session security is the set of controls that keep a logged-in user's session token from being stolen, guessed, or reused by an attacker — and most of it comes down to a handful of cookie flags and lifecycle rules teams routinely skip.

Jun 11, 20255 min read
AppSec

Application Security Vulnerability Management: A Working Workflow

A concrete workflow for application security vulnerability management, from scan to fix to verified close, that survives contact with a real release calendar.

Jun 11, 20255 min read
AppSec

Scanning a Website for Vulnerabilities, Step by Step

A practical walkthrough of how to scan a website for vulnerabilities — from picking a scan target and authentication mode to reading the results without drowning in false positives.

Jun 11, 20256 min read
AppSec

Serialization vs. Deserialization in Java: Security Implications

The difference between serialization and deserialization in Java is simple to state and dangerous to get wrong — deserialization of untrusted data has caused some of the highest-severity Java CVEs of the last decade.

Jun 10, 20256 min read
AppSec

Encryption Algorithms in Java: A Practical Overview

Java ships a wide menu of encryption algorithms through its Java Cryptography Architecture, but picking the wrong mode or a deprecated cipher is one of the most common security findings in Java codebases.

Jun 9, 20256 min read
AppSec

Open Redirect Vulnerabilities: How Attackers Abuse Them

An open redirect attack abuses a trusted domain's own redirect functionality to send victims to a malicious site — low severity on its own, but a key ingredient in phishing and OAuth token theft.

May 27, 20256 min read
AppSec

Buffer Overflow Exploits: A Practical Example

A buffer overflow exploit example, walked through step by step, showing exactly how writing past the end of a fixed-size buffer can turn a simple C function into arbitrary code execution.

May 27, 20257 min read
AppSec

Open Source SAST Tools Worth Evaluating

A rundown of the open source SAST tools engineering teams actually use in production, and where each one runs out of road.

May 14, 20255 min read
AppSec (Page 6) — Supply Chain Security Blog | Safeguard