Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

Regulatory Compliance

Django SECRET_KEY exposure and settings.py secret managem...

A Django SECRET_KEY exposure can silently unravel session security, CSRF protection, and signed tokens. Here's how to find, fix, and prevent it for good.

Jan 28, 20268 min read
DevSecOps

DevOps Pipeline Tools: A Buyer's Map by Stage

DevOps pipeline tools cluster around six stages of the software lifecycle — mapping a shortlist to the stage it actually serves prevents the most common buying mistake: overlap without coverage.

Jan 27, 20265 min read
Industry Analysis

Rails mass assignment vulnerabilities and the strong para...

How a 2012 GitHub hack exposed Rails' mass assignment flaw, why attr_accessible failed, and how strong parameters became the lasting fix.

Jan 27, 20267 min read
Regulatory Compliance

FastAPI and Pydantic dependency injection security pitfalls

FastAPI's Depends() and Pydantic's type validation look airtight but hide real bypass patterns — caching bugs, extra="allow" mass assignment, and leaked test overrides.

Jan 26, 20267 min read
Regulatory Compliance

Common OAuth2 and JWT implementation mistakes in FastAPI ...

A practical walkthrough of the FastAPI JWT security mistakes that lead to broken authentication, plus concrete fixes for OAuth2 flows and token validation.

Jan 25, 20268 min read
Regulatory Compliance

NestJS dependency injection and module configuration secu...

NestJS's dependency injection container silently governs data isolation and supply-chain trust. Here's how scope, module, and factory misconfigurations turn into real security failures.

Jan 24, 20267 min read
Tools

Swift Static Analysis Tools for Security 2026

A 2026 survey of static analysis tools for Swift focused on security findings: what works, what does not, and where the iOS and server-side gaps remain.

Jan 22, 20265 min read
AI Security

Top AI Cybersecurity Companies to Watch in 2026

The top AI cybersecurity companies of 2026 span three distinct plays — AI-assisted detection, AI-native SOC automation, and AI-augmented AppSec — and the distinction matters when you're evaluating vendors.

Jan 22, 20265 min read
Tools

Snyk vs Veracode 2026 Buyer Guide

A hands-on comparison of Snyk and Veracode in 2026: developer experience, scan accuracy, SCA depth, SAST tradeoffs, and where each tool actually earns its license cost.

Jan 22, 20266 min read
AppSec

Missing Rate Limiting: The OWASP API Security Risk Explained

A no rate limiting vulnerability sits quietly in most APIs until it enables brute force, credential stuffing, or resource exhaustion; here is how to spot it and fix it before it does.

Jan 22, 20265 min read
AppSec

Application Security Companies: An Evaluation Checklist

A concrete checklist for evaluating application security companies in 2026 — coverage, false-positive handling, integration depth, and the questions vendor demos are designed to dodge.

Jan 15, 20265 min read
AppSec

SAST Tools: A Shortlist Worth Evaluating

A working sast tools list should separate what free sast tools handle well from what only becomes worthwhile once you're paying for language coverage, tuning, and CI/CD depth.

Jan 14, 20265 min read
appsec (Page 15) — Safeguard Blog