application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
What is a Secure SDLC (Software Development Life Cycle)
A secure SDLC embeds security into every dev phase, not just the end. Learn the model, frameworks, and pitfalls — with real breach examples.
What is Secure Code Review
Secure code review finds exploitable flaws in source code before they ship. Here's what it actually checks, how it differs from SAST, and when it should happen.
Code Review vs Static Analysis
Code review and static analysis catch different bugs at different gates. Here's how they differ, where each fails, and how to combine them.
Attack Surface Management (ASM): best practices guide
A practical attack surface management best practices guide for software supply chains, covering SBOMs, base image hardening, CI/CD exposure, and a 90-day rollout plan.
Application security assessments: a practical guide
A practical, numbers-based guide to running application security assessments -- scope, cadence, findings, and how Safeguard compares to image-hardening tools like Chainguard.
Attack surface reduction: practical strategies to minimiz...
Base images are one layer. Real attack surface reduction covers dependencies, build pipelines, and provenance too — here's what Chainguard's approach misses.
What is SQL Injection (SQLi)
SQL injection (CWE-89) lets attackers rewrite database queries via untrusted input — here's how SQLi works, its types, severity, and how to prevent it.
How Does SQL Injection Work
A technical walkthrough of how SQL injection works, the main attack variants, real breaches it caused, and how to detect and prevent it.
What is Server-Side Request Forgery (SSRF)
SSRF turns a server's own trusted network position against it. Learn how the Capital One breach happened, real CVEs, and how to detect and prevent it.
What is Command Injection
Command injection lets attackers run OS commands through unsanitized input. Learn how it works, real CVEs like Shellshock and PAN-OS, and how to prevent it.
What is Path Traversal
Path traversal (CWE-22) lets attackers escape a web root using ../ sequences to read or write arbitrary files. Here's how it works, real breaches, and fixes.
What is Directory Traversal
Directory traversal (CWE-22) lets attackers use ../ sequences to read or write files outside a web app's root directory. Here's how it works.