appsec-testing
Safeguard articles tagged "appsec-testing" — guides, analysis, and best practices for software supply chain and application security.
4 articles
A primer on the OWASP API Security Top 10 and how to test for it
The OWASP API Security Top 10 dropped Injection entirely in its 2023 update and added SSRF — most REST and GraphQL teams still test for the old list.
Vulnerability assessment vs. penetration testing
Vulnerability assessment and penetration testing solve different problems. Here's how Safeguard's supply chain approach compares to Checkmarx's AppSec platform.
Achieving PCI DSS compliance through AppSec testing
PCI DSS 4.0 made application security testing mandatory, not optional. Here's what auditors check, where scanner-only programs fail, and how to close the gaps.
DAST vs IAST
DAST attacks running apps from the outside; IAST watches from inside during tests. Here's how they differ, where each wins, and when to use both.