Security Concepts
In-depth guides and analysis on security concepts from the Safeguard engineering team.
15 articles
The OWASP Top 10: A Quick Reference for 2026
A working reference to the OWASP Top10 categories, what each one covers in plain terms, and which scanner type actually catches it.
Application Security vs Network Security: Where the Line Is
Application security vs network security comes down to what layer you're defending — code and logic versus traffic and perimeter — and most breaches now happen in the gap between them.
The Threat Modeling Process, Step by Step
Threat modeling answers four questions: what are we building, what can go wrong, what are we doing about it, and did we do enough? A concrete step-by-step process your team can run in an afternoon.
Threat Modelling: STRIDE, PASTA, and a Process That Ships
Threat modelling fails when it becomes a 40-page document nobody reads. Here is what STRIDE and PASTA actually offer, and a lightweight process that survives contact with sprint deadlines.
Product Security vs Application Security: What's the Difference
Application security protects the code and runtime of a single piece of software; product security is the broader discipline covering that software's entire lifecycle, including hardware, supply chain, and how customers actually use it.
A Threat Model Example, Walked Through Step by Step
The fastest way to understand threat modeling is to watch one built end to end — this walks through a real threat model example for a simple login and payment flow.
CWE Full Form: How the Common Weakness Enumeration Works
CWE stands for Common Weakness Enumeration — a community catalog of software and hardware weakness types. Here is what CWE means, how it differs from CVE, and how to use it.
CVE Vulnerability Lookup and Scoring, Explained
A CVE vulnerability record is an identifier, not a severity rating on its own — here's how CVE IDs, CVSS scores, and the actual lookup process fit together.
CVE Vulnerabilities Explained: How the CVE System Works
What a CVE vulnerability actually is, who assigns the IDs, how CVSS scoring and the KEV catalog fit in, and why a CVE number is a label, not a verdict.
OWASP 10 vs OWASP Top 10: Clearing Up the Confusion
"OWASP 10" isn't a separate standard — it's shorthand people search for the OWASP Top 10, and the confusion usually starts with which Top 10 they actually mean.
What Is CWE? The Common Weakness Enumeration Explained
CWE catalogs the underlying software weakness behind a vulnerability, not the specific instance of it — here's how it relates to CVE and why scanners tag findings with a CWE ID.
The National Vulnerability Database: How to Actually Use It
The National Vulnerability Database is the US government's CVE repository — here's how to search it, read its CVSS scores, and use it in a real workflow.