Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

Vulnerability Analysis

What is XML External Entity (XXE) Injection

XXE injection lets attackers abuse XML parsers to read files, trigger SSRF, or crash services. Here's how it works, real CVEs, and how to stop it.

Mar 30, 20266 min read
Application Security

Best Secrets Detection Tools: 2026 Buyer's Guide

A field comparison of the best secrets detection tools in 2026 across precision, secret variety, and CI integration for teams hardening their supply chain.

Mar 27, 20265 min read
AppSec

ASPM Security: Application Security Posture Management Explained

ASPM doesn't scan anything new — it aggregates and prioritizes findings your existing SAST, DAST, and SCA tools already produce, which is exactly the problem most AppSec teams actually have.

Mar 27, 20264 min read
AppSec

Application Security Automation: What to Automate First

Automation pays off in a strict order: dependencies, secrets, static analysis, then dynamic testing. Here is the sequence, why it works, and what should stay manual.

Mar 24, 20266 min read
Vulnerability Analysis

What Are Security Logging and Monitoring Failures

Equifax went undetected for 76 days, Marriott for four years. Here's what security logging and monitoring failures are, why they happen, and how to close the gap.

Mar 22, 20267 min read
Enterprise

Cybersecurity Platforms: When Consolidation Wins

Consolidating point tools into a platform can cut cost and alert fatigue — or lock you into one vendor's blind spots. Here is a clear-eyed rule for when cybersecurity platforms pay off and when they do not.

Mar 19, 20267 min read
Concepts

What Is a Security Champion?

A security champion is a developer who advocates for security inside their team, bridging engineering and the security function. Learn the role, how programs work, and why they scale culture.

Mar 18, 20266 min read
Application Security

What is API Security

API security explained: what it is, why APIs are the top breach vector, the OWASP API Top 10, real breaches, and how to test and monitor endpoints.

Mar 11, 20267 min read
Application Security

How to Secure REST APIs

REST APIs keep failing the same way: BOLA, weak auth, shadow endpoints. Real breaches (T-Mobile, Optus, Peloton) and concrete fixes for each.

Mar 10, 20267 min read
Application Security

API Security Misconfiguration

API misconfigurations exposed 37M T-Mobile and 9.8M Optus accounts without a single exploit. Here's why it keeps happening and how to stop it.

Mar 10, 20266 min read
Culture

What Does a Product Security Engineer Actually Do?

Product security engineer isn't just AppSec with a different title — it's the role that owns security decisions inside the product itself, not just the pipeline that ships it.

Mar 9, 20266 min read
DevSecOps

What is Code Signing

Code signing proves who published software and that it wasn't tampered with — but SolarWinds, CCleaner, and 3CX show signed doesn't mean safe.

Mar 6, 20266 min read
appsec (Page 12) — Safeguard Blog