Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

OWASP Testing Tools and Methodology

OWASP testing tools cover the methodology; Veracode wraps part of it commercially. Neither was built for supply chain risk — here's where the gaps are and how to close them.

Jun 20, 20267 min read
Compliance

Achieving PCI DSS compliance through AppSec testing

PCI DSS 4.0 made application security testing mandatory, not optional. Here's what auditors check, where scanner-only programs fail, and how to close the gaps.

Jun 18, 20267 min read
Compliance

ISO 27001/27002 mapping for application security controls

ISO 27001:2022 maps 10+ Annex A controls directly to secure development. Here's how to evidence them, and where SAST-only tools like Veracode fall short.

Jun 17, 20267 min read
Compliance

NIST SP 800-53 control mapping for AppSec

How NIST SP 800-53's SA, RA, and SR control families map to modern AppSec — and where legacy scanners like Veracode leave supply-chain evidence gaps.

Jun 17, 20267 min read
Application Security

Breaking free from alert fatigue in AppSec

Veracode-style scanners flood AppSec teams with thousands of unranked alerts. Here's why appsec alert fatigue happens, what it costs, and how reachability-based triage fixes it.

Jun 16, 20268 min read
Application Security

Securing AWS Lambda functions

A practical guide to AWS Lambda security best practices: IAM scoping, dependency risk, secrets handling, and runtime detection for serverless apps.

Jun 16, 20267 min read
Industry Analysis

Application Security Strategy for 2026: AI, DevSecOps, an...

AppSec platform consolidation is reshaping 2026 strategy. See how it compares to Veracode's approach and where Safeguard fits in a unified DevSecOps stack.

Jun 15, 20267 min read
Buyer's Guides

Static analysis (SAST) tool buyer's guide

A concrete, checkable buyer's guide comparing Safeguard and Black Duck on SAST analysis architecture, taint-tracking depth, reachability-driven triage, and unified findings data models.

Jun 14, 20268 min read
Buyer's Guides

DAST tool buyer's guide

How Safeguard's unified, defensive-only DAST compares to Black Duck's WhiteHat-derived module on correlation, safety controls, and deployment for regulated teams.

Jun 14, 20268 min read
Buyer's Guides

ASPM platform buyer's guide (Software Risk Manager)

A fact-based comparison of Safeguard and Black Duck's Software Risk Manager for teams evaluating ASPM platforms: architecture, SCA heritage, deployment.

Jun 13, 20268 min read
AI Security

Can AI write secure code? Auditing AI-generated code

AI writes code fast, but studies from 2021 to 2025 show it also reproduces insecure patterns and invents fake dependencies. Here's what the data says.

Jun 13, 20267 min read
AI Security

GitHub Copilot code security: XSS vulnerabilities found in React

Copilot commonly suggests dangerouslySetInnerHTML and unsanitized DOM writes in React. Here's the data on AI-generated XSS risk and how to catch it.

Jun 13, 20267 min read
application-security (Page 18) — Safeguard Blog