Safeguard
Topic

Best Practices

In-depth guides and analysis on best practices from the Safeguard engineering team.

252 articles

Best Practices

Infisical: An Open-Source Secrets Platform Review

A senior engineer's assessment of Infisical as a self-hostable secrets platform, covering architecture, operational posture, and where it fits in 2024.

May 30, 20247 min read
Best Practices

Rails Application Template Security

Rails application templates are powerful and dangerous: how they execute, what they can touch, and how to use them safely for new-project scaffolding.

May 28, 20248 min read
Best Practices

Azure Key Vault Rotation Patterns

Rotation is the Key Vault feature most teams nominally have and few actually operate. A walk through the patterns that work for secrets, keys, and certificates at scale.

May 18, 20248 min read
Best Practices

Third-Party Risk Management for Software Vendors

A practical TPRM program for software vendors covering intake, tiering, annual review, SBOM ingestion, and continuous monitoring with staffing ratios and budgets.

May 7, 20246 min read
Best Practices

Developer Workstation Forensics for Supply Chain

Forensic procedures for a developer workstation that may have executed a malicious package, from live triage through full imaging.

May 5, 20246 min read
Best Practices

AWS AppConfig Dynamic Config Security

AppConfig ships configuration changes to running applications in seconds. That makes it a powerful tool and a compelling target. Here is how to run AppConfig safely.

Apr 30, 20247 min read
Best Practices

GCP Cloud Functions Supply Chain Risks

The supply-chain risks unique to GCP Cloud Functions: dependency resolution at deploy time, buildpack trust, runtime identity, and the audit trail the service does and does not give you.

Apr 15, 20247 min read
Best Practices

Supply Chain Incident Forensics Playbook

A practical, hour-by-hour forensics playbook for responding to software supply chain incidents, from first alert through root cause and disclosure.

Apr 15, 20246 min read
Best Practices

Django Security Best Practices, 2024 Edition

From SECRET_KEY hygiene to middleware ordering, the Django security checklist worth actually following in 2024, grounded in real CVEs and production incidents.

Apr 10, 20246 min read
Best Practices

How Often Should You Scan for Vulnerabilities?

Finding the right vulnerability scanning frequency for your organization. Too often wastes resources, too rarely leaves gaps. Here is how to calibrate.

Apr 8, 20246 min read
Best Practices

NestJS Enterprise Security Guide

NestJS dominates the enterprise Node.js space because of its Angular-style decorators, dependency injection, and opinionated project structure. Those same properties create a distinctive security surface worth understanding carefully.

Mar 22, 20246 min read
Best Practices

AWS Lambda Layers: Supply Chain Risks

Lambda layers feel like a convenience but they are a supply chain attack surface that most teams do not treat as code. Here is how they get abused and what to do about it.

Mar 18, 20247 min read
Best Practices (Page 19) — Supply Chain Security Blog | Safeguard