application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
What is SAST? Static Application Security Testing explained
SAST scans source code for vulnerabilities before deployment. Learn how it works, where it fits vs. DAST/SCA, its false-positive limits, and 2026 tooling.
What is DAST? Dynamic Application Security Testing explained
DAST tests running applications like an attacker would. Learn how it works, how it differs from SAST, and where it falls short.
SAST vs DAST vs SCA: choosing the right tool
SAST, DAST, and SCA each answer a different security question — here's what each catches, when to run them, and how to prioritize the flood of findings.
What Is Perimeter Protection in Application Security
Perimeter protection screens packages at the gate — but xz-utils, SolarWinds, and event-stream all slipped past firewalls. Here's what it catches, and what it misses.
The CWE Top 25 most dangerous software weaknesses
MITRE's 2023 CWE Top 25 ranks the software weaknesses behind 43,996 CVEs. Here's how it's scored, what moved, and how to prioritize fixes.
SAST vs DAST: static and dynamic application security tes...
SAST catches insecure code before deploy; DAST tests running apps after. We compare both against JFrog's Artifactory-first model and Safeguard's supply-chain-native approach.
How to secure a REST API
REST API breaches from T-Mobile to Optus trace to a handful of recurring mistakes. Here's how to fix authorization, auth, injection, and rate limiting.
SQL injection cheat sheet: 8 best practices to prevent it
SQL injection still breaches Fortune 500s in 2026. Here are 8 concrete practices — from parameterized queries to reachability analysis — that actually stop it.
Regular Expression Denial of Service (ReDoS) explained
ReDoS turns a single crafted string into an exponential-time attack. Here's how catastrophic backtracking works, real CVEs, and how to detect it.
Zip Slip vulnerability cheat sheet
A concrete, question-driven cheat sheet on Zip Slip: how the archive-extraction path traversal bug works, real CVEs, and how to detect and fix it.
Preventing path traversal (directory traversal) attacks
Path traversal lets attackers read or write files outside a web app's directory using ../ sequences. Here's how it works and how to stop it.
How to prevent log injection vulnerabilities in Node.js
Log injection lets attackers forge log entries in Node.js apps via unsanitized input. Learn the sanitization, encoding, and structured-logging fixes that stop it.