application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
OWASP Testing Tools and Methodology
OWASP testing tools cover the methodology; Veracode wraps part of it commercially. Neither was built for supply chain risk — here's where the gaps are and how to close them.
Achieving PCI DSS compliance through AppSec testing
PCI DSS 4.0 made application security testing mandatory, not optional. Here's what auditors check, where scanner-only programs fail, and how to close the gaps.
ISO 27001/27002 mapping for application security controls
ISO 27001:2022 maps 10+ Annex A controls directly to secure development. Here's how to evidence them, and where SAST-only tools like Veracode fall short.
NIST SP 800-53 control mapping for AppSec
How NIST SP 800-53's SA, RA, and SR control families map to modern AppSec — and where legacy scanners like Veracode leave supply-chain evidence gaps.
Breaking free from alert fatigue in AppSec
Veracode-style scanners flood AppSec teams with thousands of unranked alerts. Here's why appsec alert fatigue happens, what it costs, and how reachability-based triage fixes it.
Securing AWS Lambda functions
A practical guide to AWS Lambda security best practices: IAM scoping, dependency risk, secrets handling, and runtime detection for serverless apps.
Application Security Strategy for 2026: AI, DevSecOps, an...
AppSec platform consolidation is reshaping 2026 strategy. See how it compares to Veracode's approach and where Safeguard fits in a unified DevSecOps stack.
Static analysis (SAST) tool buyer's guide
A concrete, checkable buyer's guide comparing Safeguard and Black Duck on SAST analysis architecture, taint-tracking depth, reachability-driven triage, and unified findings data models.
DAST tool buyer's guide
How Safeguard's unified, defensive-only DAST compares to Black Duck's WhiteHat-derived module on correlation, safety controls, and deployment for regulated teams.
ASPM platform buyer's guide (Software Risk Manager)
A fact-based comparison of Safeguard and Black Duck's Software Risk Manager for teams evaluating ASPM platforms: architecture, SCA heritage, deployment.
Can AI write secure code? Auditing AI-generated code
AI writes code fast, but studies from 2021 to 2025 show it also reproduces insecure patterns and invents fake dependencies. Here's what the data says.
GitHub Copilot code security: XSS vulnerabilities found in React
Copilot commonly suggests dangerouslySetInnerHTML and unsanitized DOM writes in React. Here's the data on AI-generated XSS risk and how to catch it.