application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
Securing Laravel PHP applications
CVE-2021-3129, leaked APP_KEYs, and Eloquent mass assignment still compromise Laravel apps in 2026 — here's how each attack works and how to close it.
Securing WordPress plugin dependencies
Real CVEs, a supply-chain hack that hit 360,000 sites, and bundled-library blind spots: what WordPress plugin security actually requires in 2026.
RASP vs. SAST vs. DAST vs. IAST: How They Differ
SAST vs DAST vs IAST vs RASP comes down to when each technique looks at your application — source code, a running test instance, instrumented runtime tests, or production traffic — and picking the wrong stage leaves real gaps.
First-Party Code vs Open Source Risk: Where Should AppSec...
First-party code and open source dependencies are one attack surface. See how Safeguard's unified scanning compares to Endor Labs' open-source-first approach.
AI SAST: How AI-Native Static Analysis Finds Business Log...
Traditional SAST can't see business logic flaws because there's no bad syntax to match. Here's how AI-native static analysis finds them, and how Safeguard's approach compares to Endor Labs.
AI Security Code Review for Pull Requests
How AI code review security works in pull requests, where Endor Labs stops short, and what closes the gap between diff review and real supply chain risk.
Secrets Detection in Source Code: What Gets Missed by Reg...
Regex-based secrets scanners miss encoded, multi-line, and historical secrets in git history. Here is what a real secrets detection tool must catch.
Secrets management: tools and best practices
Secrets leak because of workflow gaps, not carelessness. Here's how vaults, scanners, and rotation policies actually stop credential exposure.
Finding and fixing exposed hardcoded secrets in GitHub projects
Hardcoded secrets leak into GitHub every day and get exploited within minutes. Here's how to find, fix, and prevent exposed credentials at scale.
PCI DSS Requirements for Application Security Testing
PCI DSS 4.0's March 2025 deadline made SBOMs and 30-day patch SLAs mandatory. Here's what Requirements 6.3.2, 6.4.2, and 11.3 actually demand, and where Endor Labs leaves compliance gaps.
SAST vs DAST vs SCA vs IAST
SAST, DAST, SCA, and IAST each test different risk. See how Safeguard's unified platform compares to Socket.dev's SCA-focused approach to supply chain security.
GDPR compliance considerations for application security teams
GDPR's Article 32 doesn't name SAST or SBOM, but fines like Meta's €1.2B and BA's £20m trace straight back to AppSec gaps.