Best Practices
In-depth guides and analysis on best practices from the Safeguard engineering team.
252 articles
Infisical: An Open-Source Secrets Platform Review
A senior engineer's assessment of Infisical as a self-hostable secrets platform, covering architecture, operational posture, and where it fits in 2024.
Rails Application Template Security
Rails application templates are powerful and dangerous: how they execute, what they can touch, and how to use them safely for new-project scaffolding.
Azure Key Vault Rotation Patterns
Rotation is the Key Vault feature most teams nominally have and few actually operate. A walk through the patterns that work for secrets, keys, and certificates at scale.
Third-Party Risk Management for Software Vendors
A practical TPRM program for software vendors covering intake, tiering, annual review, SBOM ingestion, and continuous monitoring with staffing ratios and budgets.
Developer Workstation Forensics for Supply Chain
Forensic procedures for a developer workstation that may have executed a malicious package, from live triage through full imaging.
AWS AppConfig Dynamic Config Security
AppConfig ships configuration changes to running applications in seconds. That makes it a powerful tool and a compelling target. Here is how to run AppConfig safely.
GCP Cloud Functions Supply Chain Risks
The supply-chain risks unique to GCP Cloud Functions: dependency resolution at deploy time, buildpack trust, runtime identity, and the audit trail the service does and does not give you.
Supply Chain Incident Forensics Playbook
A practical, hour-by-hour forensics playbook for responding to software supply chain incidents, from first alert through root cause and disclosure.
Django Security Best Practices, 2024 Edition
From SECRET_KEY hygiene to middleware ordering, the Django security checklist worth actually following in 2024, grounded in real CVEs and production incidents.
How Often Should You Scan for Vulnerabilities?
Finding the right vulnerability scanning frequency for your organization. Too often wastes resources, too rarely leaves gaps. Here is how to calibrate.
NestJS Enterprise Security Guide
NestJS dominates the enterprise Node.js space because of its Angular-style decorators, dependency injection, and opinionated project structure. Those same properties create a distinctive security surface worth understanding carefully.
AWS Lambda Layers: Supply Chain Risks
Lambda layers feel like a convenience but they are a supply chain attack surface that most teams do not treat as code. Here is how they get abused and what to do about it.