Safeguard
Tag

application-security

Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.

613 articles

Tool Reviews

Checkmarx SCA: Application Security from a SAST Pioneer

A review of Checkmarx SCA covering its integration with the broader Checkmarx AST platform, vulnerability detection, and exploitability analysis capabilities.

Sep 28, 20235 min read
Application Security

DAST Tool Comparison for Enterprise: What Matters Beyond Feature Lists

Enterprise DAST tools differ in how they handle modern application architectures, API testing, and CI/CD integration. Here is what to evaluate when choosing a DAST solution.

Sep 5, 20235 min read
Application Security

IAST Explained: Why Instrumented Security Testing Catches What Others Miss

IAST combines the precision of SAST with the realism of DAST. Here is how it works, where it fits, and what it actually costs to deploy.

Jul 22, 20237 min read
Application Security

Runtime Application Self-Protection (RASP): A Practical Guide

RASP embeds security directly into the application runtime, detecting and blocking attacks from inside the app. It's powerful, controversial, and misunderstood. Here's what actually works.

Jun 25, 20239 min read
AppSec

Business Logic Vulnerabilities: The Flaws Scanners Cannot Find

Business logic vulnerabilities bypass every automated scanner because they are not coding errors. They are design errors. Here is how to identify and prevent them.

May 5, 20237 min read
AppSec

Modern Command Injection Prevention: Beyond the Basics

Command injection remains in the OWASP Top 10 because developers keep making the same mistakes with new tools. Here is a modern prevention guide covering containers, serverless, and CI/CD.

Apr 5, 20236 min read
Application Security

Dynamic Application Security Testing: A Practitioner's Guide to DAST Done Right

DAST finds what source code analysis cannot. Here is how to set it up, tune it, and actually get value from it in a modern CI/CD pipeline.

Mar 18, 20237 min read
Web Security

Race Condition Vulnerabilities in Web Applications

Race conditions in web applications lead to double-spending, privilege escalation, and data corruption. This guide covers the most common patterns, detection techniques, and practical defenses.

Jan 5, 20238 min read
Application Security

WAF Rule Writing Best Practices: From Alert Fatigue to Actionable Protection

Most WAF deployments drown in false positives because the rules were never tuned. Here is how to write rules that protect without blocking legitimate traffic.

Nov 12, 20226 min read
Application Security

Protocol Buffer Security Considerations Beyond Serialization

Protobuf is everywhere in modern infrastructure. Its security implications go beyond just serialization format choice. Here is what to watch.

Jul 8, 20225 min read
Application Security

SAST vs DAST vs IAST: Which Application Security Testing Approach Fits Your Pipeline?

A practical comparison of SAST, DAST, and IAST — when to use each, where they overlap, and why most teams need more than one.

Jul 8, 20227 min read
Application Security

The OWASP Top 10 (2021) Through a Supply Chain Security Lens

The 2021 OWASP Top 10 added supply chain risks for the first time. Here is what each category means when your code is mostly someone else's code.

Jun 15, 20228 min read
application-security (Page 51) — Safeguard Blog