appsec
Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.
339 articles
Django SECRET_KEY exposure and settings.py secret managem...
A Django SECRET_KEY exposure can silently unravel session security, CSRF protection, and signed tokens. Here's how to find, fix, and prevent it for good.
DevOps Pipeline Tools: A Buyer's Map by Stage
DevOps pipeline tools cluster around six stages of the software lifecycle — mapping a shortlist to the stage it actually serves prevents the most common buying mistake: overlap without coverage.
Rails mass assignment vulnerabilities and the strong para...
How a 2012 GitHub hack exposed Rails' mass assignment flaw, why attr_accessible failed, and how strong parameters became the lasting fix.
FastAPI and Pydantic dependency injection security pitfalls
FastAPI's Depends() and Pydantic's type validation look airtight but hide real bypass patterns — caching bugs, extra="allow" mass assignment, and leaked test overrides.
Common OAuth2 and JWT implementation mistakes in FastAPI ...
A practical walkthrough of the FastAPI JWT security mistakes that lead to broken authentication, plus concrete fixes for OAuth2 flows and token validation.
NestJS dependency injection and module configuration secu...
NestJS's dependency injection container silently governs data isolation and supply-chain trust. Here's how scope, module, and factory misconfigurations turn into real security failures.
Swift Static Analysis Tools for Security 2026
A 2026 survey of static analysis tools for Swift focused on security findings: what works, what does not, and where the iOS and server-side gaps remain.
Top AI Cybersecurity Companies to Watch in 2026
The top AI cybersecurity companies of 2026 span three distinct plays — AI-assisted detection, AI-native SOC automation, and AI-augmented AppSec — and the distinction matters when you're evaluating vendors.
Snyk vs Veracode 2026 Buyer Guide
A hands-on comparison of Snyk and Veracode in 2026: developer experience, scan accuracy, SCA depth, SAST tradeoffs, and where each tool actually earns its license cost.
Missing Rate Limiting: The OWASP API Security Risk Explained
A no rate limiting vulnerability sits quietly in most APIs until it enables brute force, credential stuffing, or resource exhaustion; here is how to spot it and fix it before it does.
Application Security Companies: An Evaluation Checklist
A concrete checklist for evaluating application security companies in 2026 — coverage, false-positive handling, integration depth, and the questions vendor demos are designed to dodge.
SAST Tools: A Shortlist Worth Evaluating
A working sast tools list should separate what free sast tools handle well from what only becomes worthwhile once you're paying for language coverage, tuning, and CI/CD depth.