application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
Password Security Storage: Hashing Done Right
Password security storage still gets built wrong in 2024 — here's what a correct implementation looks like, from algorithm choice to salt handling to migration.
SQL Injection: How It Works and How It's Actually Tested
A defender's walkthrough of how SQL injection works and how security testers actually verify it in a controlled, authorized assessment — not a how-to-attack guide.
Tauri Desktop App Security Model: What Developers Need to Know
Tauri offers a fundamentally different security model than Electron for desktop applications. Understanding its permission system, IPC boundaries, and supply chain implications is critical.
GraphQL Injection Prevention: Securing Your API Layer
GraphQL's flexible query language introduces injection risks that differ fundamentally from REST APIs. Preventing GraphQL injection requires understanding the query parser, resolver chain, and schema design.
SAST Tool Accuracy Benchmarks 2024: What the Data Actually Shows
Static Application Security Testing tools vary dramatically in accuracy. We analyze detection rates, false positive rates, and language coverage across leading SAST tools using standardized benchmarks.
What is Fuzzing
Fuzzing feeds programs malformed input at machine speed to trigger crashes and expose memory-safety bugs. Here's how fuzz testing works and why it matters.
WebSocket Security in Modern Applications
WebSockets enable real-time communication but introduce attack surfaces that traditional HTTP security controls miss entirely.
Prototype Pollution in JavaScript: Prevention Guide
Prototype pollution lets attackers modify the behavior of all JavaScript objects by injecting properties into Object.prototype. This guide covers exploitation techniques, real-world impact, and layered defenses.
What Is SSDLC? The Secure Software Development Lifecycle
SSDLC builds security work into every phase of delivery instead of auditing at the end. Here is what changes at each phase, which frameworks define it, and how to adopt it without stalling releases.
.NET Trimming Security Implications: What Gets Cut and Why It Matters
IL trimming reduces .NET application size but can silently remove security-relevant code paths. Here is what you need to watch for.
What Is AppSec, and Who Owns It on a Modern Team?
AppSec covers every security decision made about how software is designed, built, and shipped — but ownership is more distributed than most org charts admit.
Mobile Application Security Testing: Beyond the OWASP Mobile Top 10
Mobile apps have unique security challenges that web-focused tools miss entirely. Here is a practical testing methodology for iOS and Android.