Industry Analysis
In-depth guides and analysis on industry analysis from the Safeguard engineering team.
294 articles
Manufacturing OT Supply Chain Security in 2026
Manufacturing has converged IT and OT for a decade, and the supply chain risk has followed. Here is what IEC 62443-aligned vendor management looks like in 2026, with the threats that justify it.
Why Developer Experience Matters to Security Programs
Security programs that ignore developer experience fail. This is not a culture complaint — it is a throughput argument, and the math is unforgiving.
Lateral movement
A precise breakdown of what lateral movement is, the MITRE ATT&CK techniques and pivoting methods attackers use, and how to detect them before they spread.
Insecure deserialization attack
A precise breakdown of what is an insecure deserialization attack, how object injection and gadget chains work in Java and Python, and how to defend against them.
XXE (XML External Entity) attack
A precise breakdown of what an XXE attack is, how XML external entity injection works, a real-world exploit example, the billion laughs attack, and prevention techniques.
Golden ticket attack
A golden ticket attack forges Kerberos TGTs using a stolen krbtgt hash, giving attackers persistent, near-total control over Active Directory.
JavaScript Security Explained
JavaScript security means managing three attack surfaces: runtime bugs, browser XSS, and npm supply chain compromise — the last of which caused 2025's biggest incidents.
Living off the land (LOTL) techniques
A precise breakdown of living off the land (LOTL) attacks: how LOLBins, fileless malware, and dual-use tool abuse let intruders hide in plain sight.
Node.js Security Best Practices
Node.js supply chain attacks like event-stream, ua-parser-js, and Shai-Hulud show why dependency depth is the real risk -- here's what actually reduces it.
Business email compromise (BEC)
Business email compromise (BEC) tricks employees into wiring funds or data to attackers posing as executives or vendors. Here is how BEC fraud actually works.
Python Security Explained
How Python's install-time code execution and open PyPI namespace fuel real supply chain attacks — and what actually reduces the risk.
Java Security Explained
Java security failures like Log4Shell exposed 3 billion devices — here's why Java's dependency depth makes it uniquely risky, and how to fix it fast.