application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
Why LLM API keys should be treated as tier-zero secrets
A leaked LLM API key is a blank check and a data pipe in one credential. Here's why it demands tier-zero controls—and why tools like Black Duck never see it.
BSIMM16 report: benchmarking software security program ma...
BSIMM16 shows AI now drives more security program change than any other force, with 111 firms assessed and SBOM use up nearly 30%. Here's what it means — and its blind spots.
Best ASPM Tools in 2026: Application Security Posture Management Compared
An honest buyer's guide to the best ASPM tools in 2026 — Apiiro, ArmorCode, Cycode, Snyk AppRisk, OX Security, and Safeguard — with a fair blurb and a best-for line for each, plus how AIBOM and supply chain risk reshape the category.
Snyk VulnBench: benchmarking LLMs on repeat vulnerability discovery
Snyk's VulnBench JS 1.0 ran 300 repeated LLM scans and found half of non-reference findings vanish on rerun—raising the bar for AI security tooling.
Reachability Analysis as the Missing Piece of SCA
Most SCA-flagged vulnerabilities aren't exploitable. Here's why reachability analysis — not just dependency matching — is what separates real risk from noise, and where Sonatype falls short.
Best DAST Tools in 2026: Web, API, and CI/CD Scanning Compared
An honest guide to the best DAST tools in 2026 — from OWASP ZAP and Burp Suite to Invicti, StackHawk, and Escape — with clear guidance on which fits web apps, APIs, and CI/CD-native pipelines, and where DAST stops and supply chain security begins.
LLM output validation and sanitization best practices
LLM output is untrusted input to everything downstream. Here's how to validate, encode, and sandbox it before it becomes your next injection vector.
Mapping AI-generated code risks to the CWE Top 25
45% of AI-generated code fails security tests. Here's how CWE Top 25 weaknesses like XSS, SQLi, and broken auth map to specific LLM coding habits.
OWASP Top 10 vulnerabilities explained
A breakdown of all 10 OWASP Top 10 categories with real CVEs (Log4Shell, Equifax, Heartbleed) mapped to each, and stats on which risks hit production most.
Container Security for the Software Supply Chain
Container scanning means more than SCA: OS layers, secrets, and provenance matter too. See the gaps in SCA-first tools and how Safeguard closes them.
OWASP API Security Top 10 risks explained
The OWASP API Security Top 10 ranks BOLA, broken auth, SSRF, and 7 more API risks behind breaches like Optus and T-Mobile — explained with real incidents.
Implementing the OWASP Top 10 Proactive Controls
A field guide to the OWASP Top 10 Proactive Controls: what each control requires, real breach examples like Equifax, and how to implement them in CI/CD.