appsec
Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.
339 articles
Web Application Vulnerability Scanners, Compared
Web application vulnerability scanners range from free online URL checkers to full DAST platforms — here's how the categories differ and which one actually matches your risk.
Source Code Analysis Tools: SAST, Linters, and Semantic Engines
Not all source code analysis tools do the same job. Linters, pattern-based SAST, and semantic dataflow engines catch different bug classes, and mixing them up wastes budget.
How Snyk Code's security rule sets are structured and ver...
A technical look at how Snyk Code structures, scores, and versions its SAST rules — from the DeepCode AI engine to CWE mapping and custom rule bundles.
How Snyk Agent Fix's agentic retry loop self-corrects fai...
A technical look at how Snyk's Agent Fix uses a bounded, feedback-driven retry loop to validate and self-correct AI-generated vulnerability fixes before they reach a pull request.
The OWASP Top 10 API Security Risks, Explained
The OWASP Top 10 API Security Risks reorder the classic web vulnerability list around how APIs actually get broken — object-level authorization failures beat injection as the most common real-world root cause.
How Snyk Code's detection differs across Java, JavaScript...
Snyk Code applies one hybrid AI-plus-symbolic engine to ten languages, but rule depth, autofix coverage, and taint tracking vary widely by language.
How Snyk Code's confidence scoring separates high-confide...
How Snyk Code's confidence scoring works under the hood, and why "high confidence" and "severity" are not the same axis for triage.
Application Security vs Network Security: Where the Line Is
Application security vs network security comes down to what layer you're defending — code and logic versus traffic and perimeter — and most breaches now happen in the gap between them.
A Checkmarx Scan: What It Actually Analyzes
A breakdown of what a Checkmarx scan actually analyzes under the hood, what its static analysis engine catches well, and where teams typically add another tool alongside it.
Webhooks Security: A Practical Checklist
Webhooks security is easy to get wrong because the endpoint has to trust an unauthenticated inbound request by default — here's the checklist that closes the common gaps.
XStream Deserialization Vulnerabilities: What You Need to Know
XStream, the popular Java XML serialization library, has a long history of deserialization vulnerabilities that lead to remote code execution when it processes untrusted input — here's what changed and how to fix it.
DAST Scanners: How to Choose One for Your Stack
A DAST scanner tests a running app the way an attacker would — but the options range from free crawlers to full authenticated-flow platforms. Here's how to pick.