application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
What is Noise Reduction in AppSec Tooling
Most AppSec scans return thousands of findings, but under 5% are ever reachable in production. Here's how noise reduction actually works.
What is a Trust Boundary
A trust boundary is where data crosses into a higher-privilege context and must be verified. Learn where they hide and how breaches like Log4Shell exploited them.
What is Taint Analysis
Taint analysis traces untrusted input from source to sink to catch injection flaws. Learn how it works, what it misses, and how reachability analysis fixes the noise.
What is Abstract Syntax Tree (AST) Analysis
AST analysis parses code into a tree to catch what regex scanning misses — here's how it works, its limits, and how reachability fixes the gap.
Ruby deserialization vulnerabilities: Marshal.load, YAML....
A decade of Ruby CVEs — from CVE-2013-0156 to CVE-2022-32224 — shows how Marshal.load and YAML.load turn untrusted input into remote code execution.
What is Semantic Code Analysis
Semantic code analysis traces how data actually flows through code to find real vulnerabilities — cutting false positives that plague pattern-matching SAST tools.
What is Risk Scoring
Vulnerability risk scoring ranks flaws by real exploitability and exposure, not just CVSS severity. Here's how it works and why it matters.
What is Vulnerability Triage
Vulnerability triage ranks scanner findings by real exploitability and exposure, not raw CVSS score, turning an unmanageable backlog into a short, defensible fix list.
What is Exposure Management
Exposure management goes beyond CVE lists — it's the continuous, evidence-backed way to find and fix what attackers can actually exploit today.
What is Continuous Threat Exposure Management (CTEM)
CTEM is Gartner's five-stage framework for continuously scoping, discovering, prioritizing, and validating exposures instead of relying on periodic scans.
What is Attack Surface Reduction
Attack surface reduction means shrinking every entry point attackers can use—code, network, and identity. Here's how to define, measure, and act on it.
What Are Secure Coding Standards
Secure coding standards are enforceable rules — like OWASP and CERT — that stop specific CWEs before code ships. Here's what they cover and how to enforce them.