Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Security Guides

Java Secrets Management: Getting Credentials Out of Your Code

Hardcoded credentials are among the most common findings in Java codebases. Here's how to externalize, rotate, and protect secrets properly in 2026.

Jul 7, 20265 min read
Career

A Security Engineer Career Roadmap for 2026

From your first junior role to senior specialist, here is a realistic security engineer career roadmap—the stages, the skills at each one, the specializations to choose between, and a mostly free path to get started.

Jul 7, 20266 min read
Application Security

A practical guide to bug bounty hunting

HackerOne alone has paid hackers over $300M since 2012, but most new researchers earn nothing — duplicates, not skill gaps, are the top reason first reports fail.

Jul 7, 20267 min read
AI Security

Choosing a security tool for AI-generated code

GitHub reported in 2024 that Copilot writes up to 46% of code in enabled files — the same vulnerability classes humans write, now shipped at machine speed.

Jul 7, 20267 min read
Application Security

Preventing SQL injection in Node.js applications

CWE-89 is a 25-year-old bug class, but Node's template literals make it trivially easy to reintroduce in mysql2, pg, and even Sequelize's raw-query escape hatch.

Jul 7, 20267 min read
Application Security

Preventing SSRF in Node.js applications

A single unvalidated URL in a fetch or axios call can let an attacker reach 169.254.169.254 and steal cloud credentials — as the 2019 Capital One breach showed.

Jul 7, 20266 min read
Industry Analysis

How the security industry is scaling partnerships for AI risk

No vendor covers model security, agent runtime policy, supply-chain risk, and code-level AppSec alone — partner-sourced ARR at one major vendor grew over 6x from 2023 to 2025.

Jul 7, 20266 min read
Concepts

What Is ASPM (Application Security Posture Management)?

Application Security Posture Management (ASPM) unifies findings from every AppSec tool into one correlated, prioritized view of your risk. Here's what ASPM is, the tool-sprawl problem it solves, and how it differs from CSPM and ASOC.

Jul 6, 20266 min read
Product

Introducing First-Party SAST and DAST: One Findings Model Across Code and Runtime

Safeguard is extending the platform with first-party static (SAST) and dynamic (DAST) application security testing — sharing one unified findings model with SCA, secrets, container, and IaC, with defensive-only DAST that only ever touches targets you've proven you own.

Jul 5, 20264 min read
Career

Essential Security Skills Every Developer Should Learn

Security is no longer a separate team's job. Here are the essential security skills every developer should build in 2026—why they matter to your career, how to learn them for free, and how to prove you have them.

Jul 5, 20266 min read
Buyer's Guides

Snyk vs SonarQube for SAST

Snyk Code and SonarQube both do SAST, but neither started as a supply chain security platform. Here's how their approaches differ, and where Safeguard fits.

Jul 5, 20268 min read
Application Security

What Is Application Security (AppSec) 101

AppSec used to mean scanning code for known bugs. Here's why that's no longer enough, what CVE-matching tools like Snyk miss, and what a real supply chain security program requires.

Jul 5, 20267 min read
application-security (Page 13) — Safeguard Blog