Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

Application Security

What OpenAI and Anthropic Ecosystem Partnerships Signal A...

OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.

Jul 15, 20258 min read
Application Security

Why Systems Integrators Are Becoming Central to Enterpris...

As regulations like NIST SSDF, DORA, and the EU Cyber Resilience Act raise the bar, systems integrators are taking the lead role in enterprise AppSec rollouts.

Jul 14, 20257 min read
AppSec

Security Plugins for CMS and App Platforms: What They Actually Do

A security plugin can harden a CMS meaningfully, but it can't fix a vulnerable core install or a poorly coded theme — it's a layer, not a replacement for patching.

Jun 30, 20255 min read
AppSec

Blind SQL Injection: A Practical Cheat Sheet

This blind sql injection cheat sheet covers how boolean-based and time-based blind attacks actually work, why they succeed against apps with no visible error output, and how to close them off.

Jun 27, 20256 min read
AppSec

Application Layer Security: What It Covers (and What It Doesn't)

Application layer security protects the code, logic, and APIs at the top of the OSI stack, but it's easy to confuse it with network or infrastructure security controls that solve a different problem.

Jun 25, 20255 min read
AppSec

Application Vulnerability Testing Methods, Compared

Application vulnerability testing spans static analysis, dynamic testing, dependency scanning, and manual review — each catches a different slice of application security vulnerabilities, and none covers all of them alone.

Jun 25, 20256 min read
Culture

CTF Cyber Security Competitions Worth Trying

A practical rundown of CTF cyber security formats and specific competitions worth an engineer's time, and how the skills transfer directly back to application security work.

Jun 24, 20255 min read
AppSec

API Security Scanning: What Good Tools Actually Catch

API security scanning explained in terms of the specific failure classes it catches, from broken object-level authorization to shadow endpoints, and why generic web scanners miss most of them.

Jun 24, 20255 min read
AppSec

Application Vulnerability Assessment: Scope, Method, and Reporting

Most assessment reports die unread because scope was fuzzy and findings were not verified. A working method for assessments that end in shipped fixes.

Jun 24, 20255 min read
AppSec

Code Scanning Tools: SAST, Secrets, and Linters Compared

SAST tools, secret scanners, and linters all read your source code but catch entirely different classes of problems — here's how to tell them apart and stack them correctly.

Jun 24, 20255 min read
AppSec

The OWASP API Security Top 10: Each Risk Explained

The OWASP API Top 10 is a ranked list of the most common API-specific vulnerability classes, from broken object level authorization to unsafe consumption of third-party APIs.

Jun 19, 20255 min read
AppSec

DAST Testing: How Dynamic Scans Probe Running Applications

DAST testing attacks your app the way an outsider would — no source code, just HTTP requests against a running target. Here is how the scan works, what it catches that SAST misses, and where it falls short.

Jun 18, 20257 min read
appsec (Page 23) — Safeguard Blog