Safeguard
Topic

Security Concepts

In-depth guides and analysis on security concepts from the Safeguard engineering team.

15 articles

Security Concepts

The OWASP Top 10: A Quick Reference for 2026

A working reference to the OWASP Top10 categories, what each one covers in plain terms, and which scanner type actually catches it.

Jan 14, 20265 min read
Security Concepts

Application Security vs Network Security: Where the Line Is

Application security vs network security comes down to what layer you're defending — code and logic versus traffic and perimeter — and most breaches now happen in the gap between them.

Sep 3, 20255 min read
Security Concepts

The Threat Modeling Process, Step by Step

Threat modeling answers four questions: what are we building, what can go wrong, what are we doing about it, and did we do enough? A concrete step-by-step process your team can run in an afternoon.

Jun 3, 20256 min read
Security Concepts

Threat Modelling: STRIDE, PASTA, and a Process That Ships

Threat modelling fails when it becomes a 40-page document nobody reads. Here is what STRIDE and PASTA actually offer, and a lightweight process that survives contact with sprint deadlines.

May 13, 20256 min read
Security Concepts

Product Security vs Application Security: What's the Difference

Application security protects the code and runtime of a single piece of software; product security is the broader discipline covering that software's entire lifecycle, including hardware, supply chain, and how customers actually use it.

May 6, 20255 min read
Security Concepts

A Threat Model Example, Walked Through Step by Step

The fastest way to understand threat modeling is to watch one built end to end — this walks through a real threat model example for a simple login and payment flow.

Apr 29, 20255 min read
Security Concepts

CWE Full Form: How the Common Weakness Enumeration Works

CWE stands for Common Weakness Enumeration — a community catalog of software and hardware weakness types. Here is what CWE means, how it differs from CVE, and how to use it.

Nov 19, 20246 min read
Security Concepts

CVE Vulnerability Lookup and Scoring, Explained

A CVE vulnerability record is an identifier, not a severity rating on its own — here's how CVE IDs, CVSS scores, and the actual lookup process fit together.

Nov 19, 20245 min read
Security Concepts

CVE Vulnerabilities Explained: How the CVE System Works

What a CVE vulnerability actually is, who assigns the IDs, how CVSS scoring and the KEV catalog fit in, and why a CVE number is a label, not a verdict.

Sep 17, 20246 min read
Security Concepts

OWASP 10 vs OWASP Top 10: Clearing Up the Confusion

"OWASP 10" isn't a separate standard — it's shorthand people search for the OWASP Top 10, and the confusion usually starts with which Top 10 they actually mean.

Aug 19, 20245 min read
Security Concepts

What Is CWE? The Common Weakness Enumeration Explained

CWE catalogs the underlying software weakness behind a vulnerability, not the specific instance of it — here's how it relates to CVE and why scanners tag findings with a CWE ID.

Aug 6, 20245 min read
Security Concepts

The National Vulnerability Database: How to Actually Use It

The National Vulnerability Database is the US government's CVE repository — here's how to search it, read its CVSS scores, and use it in a real workflow.

May 14, 20245 min read
Security Concepts — Supply Chain Security Blog | Safeguard