Safeguard
Topic

Industry Analysis

In-depth guides and analysis on industry analysis from the Safeguard engineering team.

294 articles

Industry Analysis

Manufacturing OT Supply Chain Security in 2026

Manufacturing has converged IT and OT for a decade, and the supply chain risk has followed. Here is what IEC 62443-aligned vendor management looks like in 2026, with the threats that justify it.

Feb 26, 20265 min read
Industry Analysis

Why Developer Experience Matters to Security Programs

Security programs that ignore developer experience fail. This is not a culture complaint — it is a throughput argument, and the math is unforgiving.

Feb 26, 20268 min read
Industry Analysis

Lateral movement

A precise breakdown of what lateral movement is, the MITRE ATT&CK techniques and pivoting methods attackers use, and how to detect them before they spread.

Feb 26, 20268 min read
Industry Analysis

Insecure deserialization attack

A precise breakdown of what is an insecure deserialization attack, how object injection and gadget chains work in Java and Python, and how to defend against them.

Feb 25, 20267 min read
Industry Analysis

XXE (XML External Entity) attack

A precise breakdown of what an XXE attack is, how XML external entity injection works, a real-world exploit example, the billion laughs attack, and prevention techniques.

Feb 25, 20266 min read
Industry Analysis

Golden ticket attack

A golden ticket attack forges Kerberos TGTs using a stolen krbtgt hash, giving attackers persistent, near-total control over Active Directory.

Feb 25, 20268 min read
Industry Analysis

JavaScript Security Explained

JavaScript security means managing three attack surfaces: runtime bugs, browser XSS, and npm supply chain compromise — the last of which caused 2025's biggest incidents.

Feb 24, 20267 min read
Industry Analysis

Living off the land (LOTL) techniques

A precise breakdown of living off the land (LOTL) attacks: how LOLBins, fileless malware, and dual-use tool abuse let intruders hide in plain sight.

Feb 24, 20268 min read
Industry Analysis

Node.js Security Best Practices

Node.js supply chain attacks like event-stream, ua-parser-js, and Shai-Hulud show why dependency depth is the real risk -- here's what actually reduces it.

Feb 24, 20266 min read
Industry Analysis

Business email compromise (BEC)

Business email compromise (BEC) tricks employees into wiring funds or data to attackers posing as executives or vendors. Here is how BEC fraud actually works.

Feb 24, 20267 min read
Industry Analysis

Python Security Explained

How Python's install-time code execution and open PyPI namespace fuel real supply chain attacks — and what actually reduces the risk.

Feb 24, 20267 min read
Industry Analysis

Java Security Explained

Java security failures like Log4Shell exposed 3 billion devices — here's why Java's dependency depth makes it uniquely risky, and how to fix it fast.

Feb 24, 20268 min read
Industry Analysis (Page 7) — Supply Chain Security Blog | Safeguard