Safeguard
Topic

AppSec

In-depth guides and analysis on appsec from the Safeguard engineering team.

114 articles

AppSec

Code Security Review: Manual vs Automated, and Where They Meet

Code security review works best as a combination, not a choice — here's what automated scanning catches, what still needs a human reviewer, and how to structure both.

Feb 27, 20255 min read
AppSec

Website Scanners, Web Scanners, and URL Scanners: What's the Difference

Website scanner, web scanner, and URL scanner are often used interchangeably, but they can mean very different depth of analysis depending on the vendor. Here's how to tell them apart.

Feb 24, 20254 min read
AppSec

Bootstrapping a Secure Website Scan Workflow on a Budget

A small team can build a real scanning habit with zero budget — the trick is turning one-off checks into a repeatable workflow before traffic (and risk) grows.

Feb 18, 20256 min read
AppSec

Unrestricted File Upload Vulnerabilities: Risks and Fixes

An unrestricted file upload vulnerability lets an attacker place a working web shell on your server through a form that was only ever supposed to accept profile pictures or PDFs.

Feb 11, 20256 min read
AppSec

IAST Security: Interactive Application Security Testing Explained

IAST security instruments a running application to watch real requests flow through real code, catching vulnerabilities that static analysis and black-box scanning both miss.

Feb 10, 20256 min read
AppSec

CVE-2023-4863: The libwebp Zero-Day That Hit Chrome and More

CVE-2023-4863 was a heap buffer overflow in libwebp's Huffman decoding that was exploited as a zero-day in the wild — and because libwebp sits inside Chrome, Firefox, and countless Electron apps, one library bug became an ecosystem-wide emergency patch.

Jan 22, 20256 min read
AppSec

SAST Meaning and Full Form: Static Application Security Testing Explained

SAST stands for Static Application Security Testing — analyzing source code for vulnerabilities without running it. Here is what the term means, how it works, and where it fits alongside DAST and SCA.

Oct 8, 20246 min read
AppSec

Software Security Testing: A Practitioner's Overview

Software security testing spans static analysis, dynamic testing, dependency scanning, and manual review — a practical map of which method catches what, written for people who actually run these programs.

Sep 30, 20245 min read
AppSec

SAST Full Form and What It Actually Tests

SAST stands for static application security testing — analyzing source code without running it. Here's exactly what it catches, what it misses, and how it fits a pipeline.

Aug 6, 20245 min read
AppSec

Security Testing for Data Pipelines: A Practical Guide

Data pipelines ingest, transform, and move sensitive information across systems. Here is how to identify and address the security risks that traditional application testing misses.

Mar 15, 20246 min read
AppSec

What Is AppSec, and Who Owns It on a Modern Team?

AppSec covers every security decision made about how software is designed, built, and shipped — but ownership is more distributed than most org charts admit.

Mar 11, 20245 min read
AppSec

What Does SAST Stand For, Exactly?

SAST stands for static application security testing — analyzing source code for vulnerabilities without ever running the program, which is what separates it from every dynamic testing approach.

Mar 5, 20245 min read
AppSec (Page 9) — Supply Chain Security Blog | Safeguard