Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

Security Concepts

Product Security vs Application Security: What's the Difference

Application security protects the code and runtime of a single piece of software; product security is the broader discipline covering that software's entire lifecycle, including hardware, supply chain, and how customers actually use it.

May 6, 20255 min read
AppSec

Free Web Security Scanners: What to Expect From the Free Tier

What a free web security scanner will and won't catch, how the free tiers of popular tools are actually limited, and when you need to pay for real coverage.

May 2, 20255 min read
Security Concepts

A Threat Model Example, Walked Through Step by Step

The fastest way to understand threat modeling is to watch one built end to end — this walks through a real threat model example for a simple login and payment flow.

Apr 29, 20255 min read
Vulnerabilities

SQL Injection Prevention Cheat Sheet

A practitioner's SQL injection cheatsheet: parameterized queries, safe ORM use, input validation, least privilege, and the exact patterns to ban in review.

Apr 22, 20256 min read
Vulnerabilities

XSS Examples: Real Payloads and How They Execute

Concrete XSS examples across HTML, attribute, and JavaScript contexts, with the payloads that trigger them and why each one runs.

Apr 22, 20256 min read
AppSec

Static Code Analysis Tools: The Open Source Options

Static code analysis tools open source teams actually use — Semgrep, CodeQL, Bandit, ESLint security plugins — and where each one's coverage runs out.

Apr 17, 20255 min read
Cloud Security

Cloud Application Security Best Practices

Five layers cover most of the risk in cloud apps: identity, secrets, artifact scanning, pipeline gates, and runtime guardrails. Here is how to build each one without slowing delivery.

Apr 16, 20255 min read
AppSec

SAST vs DAST: When to Use Each (and Why Not Either/Or)

SAST and DAST test different layers of an application at different stages of the pipeline — the real question isn't which to pick, it's how to run both without duplicating effort.

Apr 16, 20255 min read
AppSec

LDAP Injection Attacks: How They Work and How to Prevent Them

LDAP injection lets an attacker manipulate directory-service queries by inserting special filter characters into user input, often bypassing authentication entirely — here's how the attack works and how to stop it.

Apr 14, 20256 min read
AppSec

Secure Code Review: A Practical Checklist

Secure code reviews catch a different category of bug than functional code review, and having a repeatable checklist keeps reviewers from relying on memory for the same handful of recurring flaws.

Apr 9, 20255 min read
Vulnerabilities

Preventing SQL Injection: A Defense-in-Depth Approach

Parameterized queries stop most SQL injection, but the attacks that make it to production usually slip past a single control — here's the layered defense that catches the rest.

Mar 18, 20256 min read
AppSec

Use-After-Free Vulnerabilities: How They're Exploited

A use-after-free exploit turns a dangling pointer into arbitrary code execution — here's how the bug class works, why it still dominates browser and kernel CVEs, and how to catch it before release.

Mar 18, 20256 min read
appsec (Page 25) — Safeguard Blog