appsec
Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.
339 articles
Mobile Application Security Assessment: How It's Actually Done
What a mobile application security assessment actually involves, from static binary analysis through dynamic testing on real devices, and where it differs from a web app pen test.
Dynamic Application Security Testing Tools, Compared
Dynamic application security testing tools test running applications the way an attacker would, but they differ sharply on API coverage, auth handling, and CI integration — here's how to tell them apart.
DOM-Based XSS: Finding and Fixing Client-Side Injection
DOM XSS never touches your server, so response scanners miss it. Here is how to trace sources to sinks in client code and shut the flaw down.
How Snyk's --project-tags and business-criticality flags ...
How Snyk CLI's --project-tags and --project-business-criticality flags attach business context to scans, and why that context can drift out of date.
The Confidence Gap: Why Developers Trust AI Code More Tha...
Studies show developers trust AI-generated code more than human code, even though it's often less secure. Here's what's driving the AI code trust gap.
Autocomplete Anxiety: Measuring How Often AI Coding Assis...
Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.
The Prompt Injection Problem Hiding Inside Everyday Code ...
AI coding assistants read untrusted files as instructions, not data. Here's how prompt injection sneaks malicious code into your commits — and how to catch it before it ships.
Do Code Review Practices Need to Change When Half the Cod...
AI now writes up to half of production code. Here is why traditional code review breaks down on AI output, and what teams need to change.
The Missing Guardrails: Why So Few Teams Scan AI Suggesti...
AI writes most new code, but few CI pipelines scan it before merge. Here's why the AI code scanning adoption gap exists — and what closes it.
Comparing Insecure Output Rates Across Popular AI Coding ...
A benchmark-driven look at insecure output rates across GitHub Copilot, Cursor, Amazon Q, and Tabnine, and why the model matters more than the brand.
How AI Code Generation Is Changing the Shape of the OWASP...
AI coding assistants are quietly reshuffling the OWASP Top Ten, elevating software supply chain risk and reviving old injection bugs at machine speed.
Common Insecure Suggestions in SQL and Auth Code from AI ...
Across studies from Stanford to BaxBench, AI assistants keep suggesting string-concatenated SQL and hardcoded JWT secrets. Here is the pattern, by the numbers.