Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Regulatory Compliance

OWASP ASVS 5.0 Adoption Guide

OWASP ASVS 5.0 restructured the verification levels and added new requirements for modern stacks. A practical adoption guide for teams using ASVS as their security baseline.

Jun 3, 20256 min read
AppSec

Buffer Overflow Exploits: A Practical Example

A buffer overflow exploit example, walked through step by step, showing exactly how writing past the end of a fixed-size buffer can turn a simple C function into arbitrary code execution.

May 27, 20257 min read
AppSec

Static Code Analysis in Cyber Security: What It Actually Does

Static code analysis in cyber security means scanning source code without running it to catch injection flaws, hardcoded secrets, and unsafe patterns before they ship — here's what it catches and what it misses.

May 14, 20255 min read
Security Concepts

Threat Modelling: STRIDE, PASTA, and a Process That Ships

Threat modelling fails when it becomes a 40-page document nobody reads. Here is what STRIDE and PASTA actually offer, and a lightweight process that survives contact with sprint deadlines.

May 13, 20256 min read
Vulnerabilities

The Java Security Manager Is Deprecated: What to Use Instead

JEP 411 deprecated the Java Security Manager for removal, and years of accumulated java security flaws in its trust model are why the platform is retiring it rather than fixing it further.

May 6, 20255 min read
Culture

OWASP Training: How to Actually Run It for a Dev Team

OWASP training only sticks when it's tied to the vulnerabilities your own codebase actually has, not a generic slide deck run once a year.

May 6, 20255 min read
AppSec

What Is vm2? The Node.js Sandbox and Its Security History

vm2 was the most popular way to run untrusted JavaScript inside Node.js — until a string of sandbox-escape CVEs and its 2023 deprecation showed why sandboxing a dynamic language is so hard to get right.

Apr 14, 20256 min read
AppSec

Eclipse Jetty Vulnerabilities: What to Patch and When

Jetty's HTTP/2 handling and older 9.4.x branches have carried real denial-of-service and information-disclosure CVEs — here's what a jetty 9.4.41 exploit actually looks like and which versions close it.

Mar 18, 20256 min read
Vulnerabilities

Data Vulnerability Classes in Modern Applications

Most breaches trace back to a handful of recurring data vulnerability patterns — from unencrypted storage to broken access checks. Here's how to categorize and prioritize them.

Mar 14, 20256 min read
AI Security

AI Agent Tool Calling Security: Risks and Mitigations

AI agents that call tools -- APIs, databases, file systems, code interpreters -- convert non-deterministic LLM output into real-world actions. Securing this boundary is the defining challenge of agentic AI.

Mar 10, 20257 min read
AppSec

Unrestricted File Upload Vulnerabilities: Risks and Fixes

An unrestricted file upload vulnerability lets an attacker place a working web shell on your server through a form that was only ever supposed to accept profile pictures or PDFs.

Feb 11, 20256 min read
AI Security

Security Testing for LLM-Powered Applications

Applications built on large language models introduce novel attack surfaces that traditional security testing does not cover. This guide addresses the specific testing methodologies needed for LLM applications.

Oct 15, 20247 min read
application-security (Page 48) — Safeguard Blog