Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Compliance

PCI DSS requirements for application security programs

PCI DSS v4.0.1 Requirement 6 sets hard deadlines and evidence rules for AppSec — here's what 6.2.3, 6.3.1–6.3.3 actually demand.

May 12, 20267 min read
Best Practices

What is AI-native SAST vs AI-augmented SAST?

AI SAST isn't one thing. Aikido bolts AI onto a rule-based Semgrep fork; AI-native tools use AI as the detection engine itself. Here's the real difference.

May 3, 20269 min read
Application Security

How to prevent log injection vulnerabilities in Java

Log injection let attackers turn Log4j logging calls into remote code execution in 2021. Here's how CWE-117 works in Java and how to stop it.

May 2, 20266 min read
Best Practices

How AI pentesting works and where it fits alongside SAST/...

AI pentesting explained: how autonomous agents test live apps, how it differs from SAST/DAST and Aikido's bolt-on approach, and where Safeguard fits in.

May 2, 20268 min read
Vulnerability Analysis

Reachability analysis for prioritizing vulnerabilities

Reachability analysis cuts vulnerability noise by 70-90% by tracing which CVEs are actually callable from your code, not just present in your dependency tree.

Apr 29, 20268 min read
Application Security

iOS application security best practices

Concrete iOS app security controls—Keychain data protection, ATS, dependency vetting, and privacy manifests—grounded in real CVEs like CocoaPods 2024 and BLASTPASS.

Apr 29, 20267 min read
Application Security

Android application security best practices

A practical, evidence-based guide to Android app security: data storage, network hardening, SDK risk, and CI/CD signing, with concrete CVEs and stats.

Apr 29, 20266 min read
Application Security

Browser extension security risks for developers

Cyberhaven's Chrome extension breach hit 400,000 users in hours. Here's how attackers hijack trusted extensions, and how to detect the risk before it spreads.

Apr 28, 20267 min read
Application Security

Electron app security best practices

nodeIntegration, contextIsolation, Chromium patch lag, and npm supply chain risk: the Electron security best practices that actually stop RCE.

Apr 28, 20267 min read
Application Security

Improving GraphQL security with static analysis

GraphQL's flexible query model breaks REST-era security assumptions. Here's how static analysis catches introspection leaks, DoS, and BOLA before deploy.

Apr 27, 20266 min read
Application Security

Building a secure GraphQL API with Node.js

A practical guide to securing Node.js GraphQL APIs: query complexity limits, field-level authorization, injection-safe resolvers, and CSRF hardening.

Apr 27, 20267 min read
Application Security

Serverless security implications from infra to OWASP

Serverless shrinks the OS attack surface but expands the IAM and dependency one. Here's how the OWASP Serverless Top 10 maps to real 2021-era incidents.

Apr 27, 20266 min read
application-security (Page 25) — Safeguard Blog