Safeguard
Topic

Best Practices

In-depth guides and analysis on best practices from the Safeguard engineering team.

252 articles

Best Practices

IoT device security fundamentals: firmware integrity, credentials, and network isolation

One hardcoded Telnet password list built a 100,000-device botnet in 2016. A decade later, the same three failures still define most IoT breaches.

Jul 16, 20267 min read
Best Practices

Secure code review: the checklist reviewers actually need

Broken access control affects nearly every tested app and XSS remains the #1 CWE overall — both catchable in review. Here is a language-agnostic PR checklist.

Jul 16, 20267 min read
Best Practices

Ransomware defense strategy for engineering teams

Ransomware hit 44% of breaches in Verizon's 2025 DBIR, up from 32% a year prior. Here's the backup, access, and detection playbook that actually stops it.

Jul 15, 20266 min read
Best Practices

Secure Coding Fundamentals: A No-Jargon Checklist for New Developers

Three habits — validating input, managing secrets, and pinning dependencies — sit behind most preventable breaches, from Log4Shell to the event-stream hack.

Jul 15, 20267 min read
Best Practices

AppSec anti-patterns to eliminate

23.8M secrets leaked on public GitHub in 2024 alone. Here are the AppSec anti-patterns behind numbers like that — and the concrete practices that replace them.

Jul 14, 20266 min read
Best Practices

The security hygiene checklist most engineering orgs still skip

22% of breaches start with stolen credentials, per Verizon's 2025 DBIR. A quarter-long hygiene checklist — patching, MFA, secrets, least privilege — closes most of that gap.

Jul 14, 20266 min read
Best Practices

Disaster recovery testing: a practical guide to tabletop, failover, and RTO/RPO drills

GitLab's 2017 outage revealed 5 backup mechanisms had silently failed for weeks — recovery took 18 hours because no one had ever test-restored one.

Jul 13, 20266 min read
Best Practices

Disaster recovery testing methodologies compared

DR plans fail when they're never really tested. Here's how tabletop, simulation, parallel, and full interruption tests differ — and when each is worth the risk.

Jul 13, 20266 min read
Best Practices

Securing Your Ruby Dev Environment on macOS: rbenv, rvm, and Checksums

60 malicious RubyGems downloaded ~275,000 times went undetected for years — here's how to actually verify what rbenv or rvm installs on your Mac.

Jul 13, 20265 min read
Best Practices

Security considerations for authenticating CLI tools through corporate proxies

Two 2026 curl CVEs show proxy credentials leaking across redirects and reused connections — plus why .npmrc still stores proxy passwords in plaintext.

Jul 12, 20266 min read
Best Practices

Writing your first Jest unit tests for security-critical JavaScript

Jest ships to ~41M weekly npm installs with assertions, mocking, and coverage built in — here's how to structure your first tests around security logic.

Jul 12, 20267 min read
Best Practices

Mocking APIs for secure testing: MSW and json-server for error and auth flows

MSW intercepts requests at the network layer; json-server spins up a fake REST API in one command. Neither should ever touch a real backend or real credentials.

Jul 12, 20267 min read
Best Practices — Supply Chain Security Blog | Safeguard