Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Application Security

What is Noise Reduction in AppSec Tooling

Most AppSec scans return thousands of findings, but under 5% are ever reachable in production. Here's how noise reduction actually works.

Feb 5, 20267 min read
Best Practices

What is a Trust Boundary

A trust boundary is where data crosses into a higher-privilege context and must be verified. Learn where they hide and how breaches like Log4Shell exploited them.

Feb 3, 20266 min read
Application Security

What is Taint Analysis

Taint analysis traces untrusted input from source to sink to catch injection flaws. Learn how it works, what it misses, and how reachability analysis fixes the noise.

Feb 2, 20266 min read
Application Security

What is Abstract Syntax Tree (AST) Analysis

AST analysis parses code into a tree to catch what regex scanning misses — here's how it works, its limits, and how reachability fixes the gap.

Feb 2, 20266 min read
Industry Analysis

Ruby deserialization vulnerabilities: Marshal.load, YAML....

A decade of Ruby CVEs — from CVE-2013-0156 to CVE-2022-32224 — shows how Marshal.load and YAML.load turn untrusted input into remote code execution.

Feb 2, 20268 min read
Application Security

What is Semantic Code Analysis

Semantic code analysis traces how data actually flows through code to find real vulnerabilities — cutting false positives that plague pattern-matching SAST tools.

Feb 2, 20265 min read
Application Security

What is Risk Scoring

Vulnerability risk scoring ranks flaws by real exploitability and exposure, not just CVSS severity. Here's how it works and why it matters.

Feb 1, 20266 min read
Application Security

What is Vulnerability Triage

Vulnerability triage ranks scanner findings by real exploitability and exposure, not raw CVSS score, turning an unmanageable backlog into a short, defensible fix list.

Feb 1, 20267 min read
Application Security

What is Exposure Management

Exposure management goes beyond CVE lists — it's the continuous, evidence-backed way to find and fix what attackers can actually exploit today.

Jan 30, 20267 min read
Application Security

What is Continuous Threat Exposure Management (CTEM)

CTEM is Gartner's five-stage framework for continuously scoping, discovering, prioritizing, and validating exposures instead of relying on periodic scans.

Jan 30, 20266 min read
Application Security

What is Attack Surface Reduction

Attack surface reduction means shrinking every entry point attackers can use—code, network, and identity. Here's how to define, measure, and act on it.

Jan 30, 20267 min read
Application Security

What Are Secure Coding Standards

Secure coding standards are enforceable rules — like OWASP and CERT — that stop specific CWEs before code ships. Here's what they cover and how to enforce them.

Jan 29, 20267 min read
application-security (Page 36) — Safeguard Blog