appsec
Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.
339 articles
What OpenAI and Anthropic Ecosystem Partnerships Signal A...
OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.
Why Systems Integrators Are Becoming Central to Enterpris...
As regulations like NIST SSDF, DORA, and the EU Cyber Resilience Act raise the bar, systems integrators are taking the lead role in enterprise AppSec rollouts.
Security Plugins for CMS and App Platforms: What They Actually Do
A security plugin can harden a CMS meaningfully, but it can't fix a vulnerable core install or a poorly coded theme — it's a layer, not a replacement for patching.
Blind SQL Injection: A Practical Cheat Sheet
This blind sql injection cheat sheet covers how boolean-based and time-based blind attacks actually work, why they succeed against apps with no visible error output, and how to close them off.
Application Layer Security: What It Covers (and What It Doesn't)
Application layer security protects the code, logic, and APIs at the top of the OSI stack, but it's easy to confuse it with network or infrastructure security controls that solve a different problem.
Application Vulnerability Testing Methods, Compared
Application vulnerability testing spans static analysis, dynamic testing, dependency scanning, and manual review — each catches a different slice of application security vulnerabilities, and none covers all of them alone.
CTF Cyber Security Competitions Worth Trying
A practical rundown of CTF cyber security formats and specific competitions worth an engineer's time, and how the skills transfer directly back to application security work.
API Security Scanning: What Good Tools Actually Catch
API security scanning explained in terms of the specific failure classes it catches, from broken object-level authorization to shadow endpoints, and why generic web scanners miss most of them.
Application Vulnerability Assessment: Scope, Method, and Reporting
Most assessment reports die unread because scope was fuzzy and findings were not verified. A working method for assessments that end in shipped fixes.
Code Scanning Tools: SAST, Secrets, and Linters Compared
SAST tools, secret scanners, and linters all read your source code but catch entirely different classes of problems — here's how to tell them apart and stack them correctly.
The OWASP API Security Top 10: Each Risk Explained
The OWASP API Top 10 is a ranked list of the most common API-specific vulnerability classes, from broken object level authorization to unsafe consumption of third-party APIs.
DAST Testing: How Dynamic Scans Probe Running Applications
DAST testing attacks your app the way an outsider would — no source code, just HTTP requests against a running target. Here is how the scan works, what it catches that SAST misses, and where it falls short.