Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Concepts

What is RASP

RASP runs inside an application and blocks attacks in real time, from the inside out. Here's how it works, how it differs from a WAF, and where it fits.

Mar 5, 20245 min read
AppSec

What Does SAST Stand For, Exactly?

SAST stands for static application security testing — analyzing source code for vulnerabilities without ever running the program, which is what separates it from every dynamic testing approach.

Mar 5, 20245 min read
Concepts

What is IAST

IAST instruments a running application from the inside to find vulnerabilities with very low false positives. Here's how it works and how it compares to SAST and DAST.

Feb 14, 20247 min read
Application Security

YAML Deserialization Attacks and How to Prevent Them

YAML looks innocent but its deserialization features have led to remote code execution in countless applications. Here is why and how to stay safe.

Jan 28, 20244 min read
AppSec

Auditing AI-Generated Code: A Practical Security Guide

AI code generation tools are producing millions of lines of code daily. Here is a practical framework for auditing AI-generated code for security vulnerabilities and supply chain risks.

Jan 25, 20246 min read
Tool Reviews

Veracode SCA: Mature Application Security Meets Dependency Scanning

An overview of Veracode's SCA capabilities within their broader application security platform, covering vulnerability prioritization, agent-based scanning, and enterprise features.

Jan 18, 20245 min read
Concepts

What is Security Testing

Security testing is how teams find exploitable weaknesses before attackers do. Here's the main types — SAST, DAST, IAST, SCA, fuzzing, pentesting — and how they fit together.

Jan 11, 20247 min read
Application Security

IAST vs RASP: Runtime Protection Approaches Compared

Interactive Application Security Testing and Runtime Application Self-Protection both operate at runtime, but they serve different purposes. Here is how they compare and when to use each.

Jan 5, 20245 min read
Application Security

WAF Bypass Techniques and What They Mean for Supply Chain Security

Web Application Firewalls are a critical defense layer, but they are routinely bypassed. Understanding bypass techniques helps you build defense in depth rather than relying on a single control.

Dec 8, 20236 min read
Application Security

Deserialization Attacks in Java and Python

Insecure deserialization turns data parsing into code execution. This guide covers deserialization attacks in Java and Python, the gadget chain concept, and practical defenses for both ecosystems.

Dec 5, 20236 min read
Best Practices

Express.js Security Middleware: An Audit

Express remains the default Node.js framework at most shops, and its middleware ecosystem is a thirteen-year accumulation of packages, some abandoned, some indispensable. This is a pragmatic audit of what belongs in a 2023 Express stack.

Nov 15, 20236 min read
Application Security

Java Module System Security Features: What JPMS Actually Delivers

The Java Platform Module System promised stronger encapsulation and security boundaries. Here is what it actually delivers and where the gaps remain.

Nov 8, 20235 min read
application-security (Page 50) — Safeguard Blog