Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

DevSecOps

Best secure software development lifecycle (SSDLC) platforms

A practical buyer's guide to SSDLC platforms in 2026 — evaluation criteria, an honest roundup of six real vendors, and where Safeguard fits in.

Nov 4, 20257 min read
SecOps

White-Box Penetration Testing: What Testers Actually See

White box penetration testing gives testers source code, architecture diagrams, and credentials up front, which finds different bugs than a black-box test — usually faster and deeper, at the cost of realism.

Nov 2, 20255 min read
Industry Analysis

Weak Password Recovery Mechanisms

From Sarah Palin's 2008 Yahoo hack to the 2014 iCloud photo leak, weak password recovery flows keep giving attackers account takeover without a password.

Nov 1, 20257 min read
Industry Analysis

Insecure Hash Algorithm Usage in Application Code

MD5 and SHA-1 collisions were proven broken decades ago, yet they still power passwords, checksums, and signatures in production code today. Here's why—and how to find them.

Oct 31, 20257 min read
Application Security

Post-Quantum Cryptography Migration for Application Security

NIST finalized PQC standards in 2024, but most companies can't even inventory where RSA and ECC live in their stack. Here's a realistic migration roadmap for AppSec teams.

Oct 30, 20256 min read
Industry Analysis

Unrestricted File Upload Vulnerabilities

Unrestricted file upload flaws let attackers turn a simple upload form into remote code execution. Here's how real-world CVEs happened, and how to prevent them.

Oct 30, 20257 min read
Industry Analysis

Race Conditions (TOCTOU) in Application Code

From Dirty COW to runc's CVE-2021-30465, TOCTOU race conditions keep slipping past code review. Here's why they're invisible to standard tooling — and how to catch them.

Oct 29, 20257 min read
Industry Analysis

Logging Vulnerabilities: Log Injection and Sensitive Data...

Log4Shell, plaintext password logs, and CRLF injection show how logging vulnerabilities turn debug output into a full-blown breach vector for attackers.

Oct 29, 20258 min read
Industry Analysis

SQL Injection Prevention in Python with Parameterized Que...

SQL injection remains widespread in Python apps despite decades-old fixes. Here's how parameterized queries actually prevent it, and where ORMs still leave gaps.

Oct 27, 20257 min read
Industry Analysis

Path Traversal Prevention in Go with filepath.Join Valida...

filepath.Join in Go only cleans a path, it doesn't restrict it to a base directory. Here's why that gap produced real CVEs, and how to close it for good.

Oct 24, 20257 min read
Industry Analysis

Path Traversal Prevention in C# with Path.GetFullPath

Path.GetFullPath resolves traversal sequences, but it isn't a sanitizer on its own. Here's how C# teams get containment checks wrong, and how to fix them.

Oct 24, 20257 min read
Industry Analysis

Path Traversal Prevention in Ruby with File.realpath

How File.realpath stops path traversal in Ruby apps, why File.expand_path alone fails, and what real CVEs like Sprockets' CVE-2018-3760 reveal about secure file handling.

Oct 23, 20258 min read
application-security (Page 43) — Safeguard Blog