Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

Tools

Best Free Security Tools for Bootstrapped Startups in 2026

A zero-budget security stack that actually covers the top risks: SCA, secrets scanning, SAST, container scanning, and DAST — plus what each free tool won't do.

Jan 13, 20266 min read
Vulnerability Analysis

Django admin ChangeList path traversal (CVE-2021-33203)

CVE-2021-33203 is a staff-only path traversal in Django's admindocs TemplateDetailView. Here's what's affected, its CVSS/EPSS profile, and how to remediate it.

Dec 28, 20257 min read
AI Security

What agentic AI security means and why traditional AppSec...

Traditional AppSec was built for static code, not decision-making agents. Here's what agentic AI security actually covers—and why autonomous agents need a new defense model.

Dec 20, 20258 min read
Vulnerability Analysis

Server-Side Request Forgery (SSRF): how it works and how to prevent it

SSRF turns a server into an attacker's proxy into your internal network. Here's how it works, what Capital One's breach taught the industry, and how to stop it.

Dec 14, 20256 min read
Vulnerability Analysis

Directory listing exposure risks explained

Directory listing vulnerabilities expose raw file trees via one misconfigured Apache, Nginx, or IIS directive. Here's how they happen and how to fix them.

Dec 12, 20257 min read
Vulnerability Analysis

HTTP request smuggling explained

HTTP request smuggling exploits parser mismatches between proxies and origin servers. Learn CL.TE/TE.CL mechanics, real CVEs, and how to detect it.

Dec 6, 20257 min read
Vulnerability Analysis

SSRF via webhooks explained

Webhook SSRF turns a trusted callback feature into an internal network foothold. Here is how the attack works, real incidents, and how to actually fix it.

Dec 4, 20257 min read
Vulnerability Analysis

Improper input validation (CWE-20) explained

CWE-20 explained: how improper input validation causes SQLi, RCE, and DoS, with real CVEs like Equifax's Struts breach and how to detect and fix it.

Dec 1, 20257 min read
Frameworks

OWASP Top 10:2025 RC1: Software Supply Chain Failures Becomes Its Own Category

The OWASP Top 10:2025 release candidate, published November 2025, splits Vulnerable Components into a broader Software Supply Chain Failures category and elevates Security Misconfiguration to #2.

Nov 20, 20257 min read
AI Security

Overreliance on LLM Outputs: A Security Perspective

LLMs hallucinate packages, vulnerability verdicts, and compliance summaries with total confidence. Here's where overreliance on AI outputs creates real security risk—and how to close the gap.

Nov 13, 20257 min read
AppSec

The Benefits of Using SAST Tools During Code Review

The real benefit of using SAST tools during code review isn't finding more bugs than a human reviewer — it's finding the specific bugs humans consistently miss, before merge.

Nov 12, 20256 min read
Industry Analysis

Object Injection Vulnerabilities in PHP and Node.js

PHP's unserialize() and Node's insecure deserialization both let attackers forge objects and execute code. Here's how object injection works and how to stop it.

Nov 9, 20257 min read
appsec (Page 16) — Safeguard Blog