Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

Why LLM API keys should be treated as tier-zero secrets

A leaked LLM API key is a blank check and a data pipe in one credential. Here's why it demands tier-zero controls—and why tools like Black Duck never see it.

Jun 12, 20268 min read
Application Security

BSIMM16 report: benchmarking software security program ma...

BSIMM16 shows AI now drives more security program change than any other force, with 111 firms assessed and SBOM use up nearly 30%. Here's what it means — and its blind spots.

Jun 12, 20267 min read
Buyer's Guides

Best ASPM Tools in 2026: Application Security Posture Management Compared

An honest buyer's guide to the best ASPM tools in 2026 — Apiiro, ArmorCode, Cycode, Snyk AppRisk, OX Security, and Safeguard — with a fair blurb and a best-for line for each, plus how AIBOM and supply chain risk reshape the category.

Jun 8, 20268 min read
AI Security

Snyk VulnBench: benchmarking LLMs on repeat vulnerability discovery

Snyk's VulnBench JS 1.0 ran 300 repeated LLM scans and found half of non-reference findings vanish on rerun—raising the bar for AI security tooling.

Jun 7, 20267 min read
Application Security

Reachability Analysis as the Missing Piece of SCA

Most SCA-flagged vulnerabilities aren't exploitable. Here's why reachability analysis — not just dependency matching — is what separates real risk from noise, and where Sonatype falls short.

Jun 7, 20268 min read
Buyer's Guides

Best DAST Tools in 2026: Web, API, and CI/CD Scanning Compared

An honest guide to the best DAST tools in 2026 — from OWASP ZAP and Burp Suite to Invicti, StackHawk, and Escape — with clear guidance on which fits web apps, APIs, and CI/CD-native pipelines, and where DAST stops and supply chain security begins.

Jun 6, 20268 min read
AI Security

LLM output validation and sanitization best practices

LLM output is untrusted input to everything downstream. Here's how to validate, encode, and sandbox it before it becomes your next injection vector.

Jun 5, 20267 min read
AI Security

Mapping AI-generated code risks to the CWE Top 25

45% of AI-generated code fails security tests. Here's how CWE Top 25 weaknesses like XSS, SQLi, and broken auth map to specific LLM coding habits.

Jun 5, 20267 min read
Application Security

OWASP Top 10 vulnerabilities explained

A breakdown of all 10 OWASP Top 10 categories with real CVEs (Log4Shell, Equifax, Heartbleed) mapped to each, and stats on which risks hit production most.

Jun 4, 20266 min read
Application Security

Container Security for the Software Supply Chain

Container scanning means more than SCA: OS layers, secrets, and provenance matter too. See the gaps in SCA-first tools and how Safeguard closes them.

Jun 4, 20267 min read
Application Security

OWASP API Security Top 10 risks explained

The OWASP API Security Top 10 ranks BOLA, broken auth, SSRF, and 7 more API risks behind breaches like Optus and T-Mobile — explained with real incidents.

Jun 4, 20268 min read
Application Security

Implementing the OWASP Top 10 Proactive Controls

A field guide to the OWASP Top 10 Proactive Controls: what each control requires, real breach examples like Equifax, and how to implement them in CI/CD.

Jun 4, 20267 min read
application-security (Page 19) — Safeguard Blog