Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

AppSec

Mobile Application Security Assessment: How It's Actually Done

What a mobile application security assessment actually involves, from static binary analysis through dynamic testing on real devices, and where it differs from a web app pen test.

Aug 19, 20255 min read
AppSec

Dynamic Application Security Testing Tools, Compared

Dynamic application security testing tools test running applications the way an attacker would, but they differ sharply on API coverage, auth handling, and CI integration — here's how to tell them apart.

Aug 14, 20254 min read
Vulnerabilities

DOM-Based XSS: Finding and Fixing Client-Side Injection

DOM XSS never touches your server, so response scanners miss it. Here is how to trace sources to sinks in client code and shut the flaw down.

Aug 14, 20255 min read
Product

How Snyk's --project-tags and business-criticality flags ...

How Snyk CLI's --project-tags and --project-business-criticality flags attach business context to scans, and why that context can drift out of date.

Aug 14, 20257 min read
Industry Analysis

The Confidence Gap: Why Developers Trust AI Code More Tha...

Studies show developers trust AI-generated code more than human code, even though it's often less secure. Here's what's driving the AI code trust gap.

Aug 9, 20257 min read
Industry Analysis

Autocomplete Anxiety: Measuring How Often AI Coding Assis...

Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.

Aug 9, 20257 min read
AI Security

The Prompt Injection Problem Hiding Inside Everyday Code ...

AI coding assistants read untrusted files as instructions, not data. Here's how prompt injection sneaks malicious code into your commits — and how to catch it before it ships.

Aug 8, 20257 min read
Industry Analysis

Do Code Review Practices Need to Change When Half the Cod...

AI now writes up to half of production code. Here is why traditional code review breaks down on AI output, and what teams need to change.

Aug 8, 20257 min read
Industry Analysis

The Missing Guardrails: Why So Few Teams Scan AI Suggesti...

AI writes most new code, but few CI pipelines scan it before merge. Here's why the AI code scanning adoption gap exists — and what closes it.

Aug 8, 20257 min read
Buyer's Guides

Comparing Insecure Output Rates Across Popular AI Coding ...

A benchmark-driven look at insecure output rates across GitHub Copilot, Cursor, Amazon Q, and Tabnine, and why the model matters more than the brand.

Aug 7, 20257 min read
Industry Analysis

How AI Code Generation Is Changing the Shape of the OWASP...

AI coding assistants are quietly reshuffling the OWASP Top Ten, elevating software supply chain risk and reviving old injection bugs at machine speed.

Aug 6, 20257 min read
Industry Analysis

Common Insecure Suggestions in SQL and Auth Code from AI ...

Across studies from Stanford to BaxBench, AI assistants keep suggesting string-concatenated SQL and hardcoded JWT secrets. Here is the pattern, by the numbers.

Aug 6, 20258 min read
appsec (Page 21) — Safeguard Blog