Concepts
In-depth guides and analysis on concepts from the Safeguard engineering team.
116 articles
What is a Security Audit
A security audit is an evidence-based check that your controls actually meet a standard. Here's the process, the main frameworks, and how it differs from a pentest.
What is Egress Filtering in CI
Egress filtering in CI restricts where build jobs can send traffic, so a compromised dependency can't exfiltrate your secrets. Here's how to roll it out without breaking builds.
What is Repo-Jacking
Repo-jacking hijacks renamed or deleted GitHub namespaces to serve attacker code at trusted URLs. Here's how the redirect trick works and how to audit your exposure.
What is Fuzzing
Fuzzing feeds programs malformed input at machine speed to trigger crashes and expose memory-safety bugs. Here's how fuzz testing works and why it matters.
What is a Software Attestation
A software attestation is a signed, machine-readable claim about an artifact — who built it, what it contains, which checks it passed — that a machine can verify before trusting it.
What is RASP
RASP runs inside an application and blocks attacks in real time, from the inside out. Here's how it works, how it differs from a WAF, and where it fits.
What is IAST
IAST instruments a running application from the inside to find vulnerabilities with very low false positives. Here's how it works and how it compares to SAST and DAST.
What is Security Testing
Security testing is how teams find exploitable weaknesses before attackers do. Here's the main types — SAST, DAST, IAST, SCA, fuzzing, pentesting — and how they fit together.