application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
Best secure software development lifecycle (SSDLC) platforms
A practical buyer's guide to SSDLC platforms in 2026 — evaluation criteria, an honest roundup of six real vendors, and where Safeguard fits in.
White-Box Penetration Testing: What Testers Actually See
White box penetration testing gives testers source code, architecture diagrams, and credentials up front, which finds different bugs than a black-box test — usually faster and deeper, at the cost of realism.
Weak Password Recovery Mechanisms
From Sarah Palin's 2008 Yahoo hack to the 2014 iCloud photo leak, weak password recovery flows keep giving attackers account takeover without a password.
Insecure Hash Algorithm Usage in Application Code
MD5 and SHA-1 collisions were proven broken decades ago, yet they still power passwords, checksums, and signatures in production code today. Here's why—and how to find them.
Post-Quantum Cryptography Migration for Application Security
NIST finalized PQC standards in 2024, but most companies can't even inventory where RSA and ECC live in their stack. Here's a realistic migration roadmap for AppSec teams.
Unrestricted File Upload Vulnerabilities
Unrestricted file upload flaws let attackers turn a simple upload form into remote code execution. Here's how real-world CVEs happened, and how to prevent them.
Race Conditions (TOCTOU) in Application Code
From Dirty COW to runc's CVE-2021-30465, TOCTOU race conditions keep slipping past code review. Here's why they're invisible to standard tooling — and how to catch them.
Logging Vulnerabilities: Log Injection and Sensitive Data...
Log4Shell, plaintext password logs, and CRLF injection show how logging vulnerabilities turn debug output into a full-blown breach vector for attackers.
SQL Injection Prevention in Python with Parameterized Que...
SQL injection remains widespread in Python apps despite decades-old fixes. Here's how parameterized queries actually prevent it, and where ORMs still leave gaps.
Path Traversal Prevention in Go with filepath.Join Valida...
filepath.Join in Go only cleans a path, it doesn't restrict it to a base directory. Here's why that gap produced real CVEs, and how to close it for good.
Path Traversal Prevention in C# with Path.GetFullPath
Path.GetFullPath resolves traversal sequences, but it isn't a sanitizer on its own. Here's how C# teams get containment checks wrong, and how to fix them.
Path Traversal Prevention in Ruby with File.realpath
How File.realpath stops path traversal in Ruby apps, why File.expand_path alone fails, and what real CVEs like Sprockets' CVE-2018-3760 reveal about secure file handling.