Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

AppSec

Web Session Security: A Practical Guide

Web session security is the set of controls that keep a logged-in user's session token from being stolen, guessed, or reused by an attacker — and most of it comes down to a handful of cookie flags and lifecycle rules teams routinely skip.

Jun 11, 20255 min read
SecOps

Vulnerability Assessment Services: What's Actually Included

Vulnerability assessment services bundle scanning, triage, and remediation tracking — but the scope varies widely between vendors, and knowing what's actually included changes what you should pay.

Jun 11, 20255 min read
Vulnerabilities

Stored XSS: Why Persistent Injection Hurts Most

Stored XSS saves the attacker's script server-side and serves it to everyone. Here is why persistent injection is the most damaging XSS variant and how to stop it.

Jun 3, 20256 min read
Security Concepts

The Threat Modeling Process, Step by Step

Threat modeling answers four questions: what are we building, what can go wrong, what are we doing about it, and did we do enough? A concrete step-by-step process your team can run in an afternoon.

Jun 3, 20256 min read
AppSec

Open Redirect Vulnerabilities: How Attackers Abuse Them

An open redirect attack abuses a trusted domain's own redirect functionality to send victims to a malicious site — low severity on its own, but a key ingredient in phishing and OAuth token theft.

May 27, 20256 min read
Comparisons

What Is Checkmarx? A Plain-English Overview

Checkmarx is one of the oldest names in static analysis, built for large enterprises with dedicated security teams. Here's what it actually does and how it stacks up.

May 27, 20254 min read
Best Practices

Enterprise Rails Security Audit: 2025 Field Notes

After 14 Rails audits in the last 12 months, the same eight issues kept surfacing. Here's the 2025 field checklist for Rails 7.2 and 8.0 enterprise apps.

May 16, 20255 min read
AppSec

Open Source SAST Tools Worth Evaluating

A rundown of the open source SAST tools engineering teams actually use in production, and where each one runs out of road.

May 14, 20255 min read
AppSec

Code Injection in Python: How It Happens and How to Prevent It

Code injection python vulnerabilities almost always trace back to eval, exec, or a template engine handed untrusted input; here is how the attack works and how to close it off.

May 14, 20256 min read
AppSec

Website Vulnerability Scanners: How They Work and What They Miss

How a website vulnerability scanner crawls, fuzzes, and fingerprints your app, plus the whole classes of flaws it structurally cannot find on its own.

May 13, 20256 min read
AppSec

Web Application Penetration Testing: What to Expect

A real web application penetration test follows a scoped, multi-phase process — here's what happens before, during, and after the engagement so the report doesn't surprise you.

May 9, 20255 min read
AppSec

JavaScript Vulnerability Scanners: How They Actually Work

A javascript vulnerability scanner has to reason about a dynamically typed, dependency-heavy language — which is why the good ones combine static analysis with dependency-graph lookups rather than relying on either alone.

May 6, 20255 min read
appsec (Page 24) — Safeguard Blog