application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
ASPM vs Traditional Vulnerability Management: What Actual...
ASPM doesn't replace your scanners — it correlates their output with runtime reachability and ownership to cut a 10,000-finding backlog down to the handful that actually matter.
Why Alert Fatigue, Not Tool Gaps, Is the Real AppSec Bott...
AppSec teams don't fail from missing tools, they fail from thousands of unprioritized alerts. Here's why alert fatigue is the real AppSec bottleneck.
eBPF and OpenTelemetry: The New Instrumentation Layer for...
eBPF and OpenTelemetry are becoming AppSec's new runtime instrumentation layer, catching supply chain attacks like the xz backdoor that static scanners miss entirely.
Measuring Developer Security Maturity Beyond Tool Coverage
Tool coverage tells you what's installed, not whether developers are actually getting safer. Here's how to build a maturity model around remediation velocity, recurrence, and secrets hygiene instead.
The Hidden Cost of Context Switching Between IDE and Secu...
Jumping between your IDE and security dashboards isn't free. Here's what context switching really costs developers, and how to eliminate it.
Gamification of Secure Coding: Does It Change Long-Term B...
Gamified secure coding training boosts engagement fast — but does it change what developers ship six months later? Here's what the data actually shows.
The Acquisition Pattern Behind AppSec's Runtime Visibilit...
From Cider Security to the $32B Google-Wiz deal, AppSec acquirers keep paying for one thing: runtime visibility into what code actually does in production.
Why Hyperscaler Partnerships Are Becoming Table Stakes fo...
Google's ~$32B Wiz deal signaled it: hyperscaler marketplaces, partner programs, and native tooling now shape how AppSec buying actually happens.
The Quiet Consolidation of SCA, SAST, and Container Scann...
A wave of PE buyouts and platform acquisitions is quietly folding SCA, SAST, and container scanning into fewer, bigger AppSec platforms. Here's what's driving it.
How Analyst Firms Are Redrawing Category Lines Around ASPM
Gartner, Forrester, and other analyst firms are redrawing the boundaries around ASPM, CNAPP, and traditional AppSec testing — reshaping how security teams buy and organize tools.
API Security Scanning: What Good Tools Actually Catch
API security scanning explained in terms of the specific failure classes it catches, from broken object-level authorization to shadow endpoints, and why generic web scanners miss most of them.
Serialization vs. Deserialization in Java: Security Implications
The difference between serialization and deserialization in Java is simple to state and dangerous to get wrong — deserialization of untrusted data has caused some of the highest-severity Java CVEs of the last decade.