application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
10 serverless security best practices
10 concrete, numbers-backed serverless security practices covering IAM least privilege, dependency SBOMs, event injection, and secrets management.
Securing AWS Lambda cold starts and execution permissions
Lambda cold starts inject live IAM credentials into shared execution environments — here's how over-permissioned roles and vulnerable layers turn that into a real attack surface.
WebAssembly (WASM) security considerations
A 2018 WASM cryptominer hit 4,275+ websites in a day. Learn WebAssembly's real security risks, from memory bugs to supply chain blind spots.
Securing gRPC microservice communication
gRPC's binary, multiplexed transport breaks REST-era security tooling. Here's how to fix mTLS gaps, reflection exposure, and per-method authorization.
Microservices security: authentication between services
Service-to-service auth stops lateral movement between microservices. Learn how mTLS, OAuth2, and SPIFFE/SPIRE secure internal calls in production.
The State of Cloud Native Application Security survey
New 2026 survey data reveals a widening gap between vulnerability alert volume and remediation capacity — and what security teams say actually helps.
SAST and DAST Tools: A Combined Buying Guide
Buying SAST and DAST tools separately usually means paying for two dashboards that don't talk to each other — here's how to evaluate them as a combined purchase in 2026.
Snyk Learn: interactive security training for developers
Snyk Learn popularized the developer security training platform. But without reachability-aware prioritization, training risks teaching developers to fix the wrong things.
Wiz vs. Snyk: platform breadth vs. developer-first security
Wiz and Snyk solve different layers of AppSec entirely. Here is how the two actually compare, and where build provenance still needs coverage.
Consolidating AppSec tools with an ASPM platform
Most AppSec teams run 10-15 disconnected tools. Here's how ASPM platforms consolidate them, why reachability changes what "critical" means, and how to evaluate one.
Security debt vs security risk: how to measure both
Security debt and security risk are measured differently and demand different remediation clocks. Here's how to quantify each — and where they collide.
Static analysis (SAST) buyer's guide for enterprise teams
A concrete buyer's guide to enterprise SAST: false-positive rates, reachability analysis, POC criteria, SBOM integration, and real pricing benchmarks for 2026.