Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Vulnerabilities

Password Security Storage: Hashing Done Right

Password security storage still gets built wrong in 2024 — here's what a correct implementation looks like, from algorithm choice to salt handling to migration.

Sep 17, 20245 min read
Vulnerabilities

SQL Injection: How It Works and How It's Actually Tested

A defender's walkthrough of how SQL injection works and how security testers actually verify it in a controlled, authorized assessment — not a how-to-attack guide.

Sep 4, 20245 min read
Application Security

Tauri Desktop App Security Model: What Developers Need to Know

Tauri offers a fundamentally different security model than Electron for desktop applications. Understanding its permission system, IPC boundaries, and supply chain implications is critical.

Jun 5, 20247 min read
Application Security

GraphQL Injection Prevention: Securing Your API Layer

GraphQL's flexible query language introduces injection risks that differ fundamentally from REST APIs. Preventing GraphQL injection requires understanding the query parser, resolver chain, and schema design.

May 5, 20247 min read
Application Security

SAST Tool Accuracy Benchmarks 2024: What the Data Actually Shows

Static Application Security Testing tools vary dramatically in accuracy. We analyze detection rates, false positive rates, and language coverage across leading SAST tools using standardized benchmarks.

May 5, 20245 min read
Concepts

What is Fuzzing

Fuzzing feeds programs malformed input at machine speed to trigger crashes and expose memory-safety bugs. Here's how fuzz testing works and why it matters.

Apr 18, 20246 min read
Application Security

WebSocket Security in Modern Applications

WebSockets enable real-time communication but introduce attack surfaces that traditional HTTP security controls miss entirely.

Apr 8, 20245 min read
Application Security

Prototype Pollution in JavaScript: Prevention Guide

Prototype pollution lets attackers modify the behavior of all JavaScript objects by injecting properties into Object.prototype. This guide covers exploitation techniques, real-world impact, and layered defenses.

Apr 5, 20246 min read
DevSecOps

What Is SSDLC? The Secure Software Development Lifecycle

SSDLC builds security work into every phase of delivery instead of auditing at the end. Here is what changes at each phase, which frameworks define it, and how to adopt it without stalling releases.

Mar 14, 20246 min read
Application Security

.NET Trimming Security Implications: What Gets Cut and Why It Matters

IL trimming reduces .NET application size but can silently remove security-relevant code paths. Here is what you need to watch for.

Mar 12, 20245 min read
AppSec

What Is AppSec, and Who Owns It on a Modern Team?

AppSec covers every security decision made about how software is designed, built, and shipped — but ownership is more distributed than most org charts admit.

Mar 11, 20245 min read
Application Security

Mobile Application Security Testing: Beyond the OWASP Mobile Top 10

Mobile apps have unique security challenges that web-focused tools miss entirely. Here is a practical testing methodology for iOS and Android.

Mar 8, 20246 min read
application-security (Page 49) — Safeguard Blog