Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Industry Analysis

XXE (XML External Entity) attack

A precise breakdown of what an XXE attack is, how XML external entity injection works, a real-world exploit example, the billion laughs attack, and prevention techniques.

Feb 25, 20266 min read
Industry Analysis

C# and .NET Security Explained

C# and .NET security explained: real CVEs, NuGet supply-chain attacks, BinaryFormatter risk, and the SolarWinds lesson every .NET team needs.

Feb 23, 20267 min read
Industry Analysis

PHP Security Explained

PHP still runs ~74% of the web. From the 2024 PHP-CGI RCE to WordPress plugin flaws, here's what actually breaks PHP apps in production.

Feb 23, 20268 min read
Tools

Static Analysis vs Dynamic Analysis

Static analysis reads code before it runs; dynamic analysis watches it execute. Here's how the two differ, catch different bugs, and work best together.

Feb 22, 20267 min read
Application Security

IAST vs RASP: A Decision Tree for 2026

When to deploy IAST, when to deploy RASP, and when to skip both. A pragmatic decision tree based on application architecture, threat model, and operational maturity.

Feb 18, 20266 min read
DevSecOps

How to set up SAST scanning in a GitHub Actions pipeline

A step-by-step guide to setting up SAST scanning in GitHub Actions with CodeQL and Semgrep, including config, gating, and troubleshooting tips.

Feb 18, 20267 min read
AppSec

Runtime Application Security Protection (RASP), Explained

Runtime application security protection instruments your app from the inside so it can block attacks in production, not just flag them in a report.

Feb 18, 20266 min read
DevSecOps

How to set up DAST scanning in a CI/CD pipeline

A practical guide to building a DAST scanning CI/CD pipeline with OWASP ZAP — setup, integration, rule tuning, and troubleshooting for real deployments.

Feb 18, 20267 min read
Best Practices

WAF vs RASP

WAF vs RASP: how edge filtering and runtime protection differ, why Log4Shell exposed WAF blind spots, and when security teams need both layers.

Feb 18, 20266 min read
Comparisons

Snyk's Market Trajectory Under Peter McKay

Peter McKay has led Snyk as CEO since 2020, steering it from a developer-first open-source scanning tool into a broad, AI-integrated application security platform through a string of acquisitions and a sustained enterprise push.

Feb 17, 20265 min read
Application Security

How to set up secrets scanning in git repositories

A step-by-step guide to secrets scanning in git repositories using gitleaks and trufflehog, covering pre-commit hooks, CI enforcement, and history audits.

Feb 16, 20267 min read
Application Security

How to configure OWASP ZAP for automated scanning

A step-by-step guide to configuring OWASP ZAP for automated scanning in CI/CD, from Docker setup through baseline and API scans to pipeline gating.

Feb 15, 20268 min read
application-security (Page 34) — Safeguard Blog