Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

Vulnerabilities

XXE Attack Walkthroughs: What a Good Demo Actually Shows

Most XXE video walkthroughs stop at proof-of-concept file reads — here's what a genuinely useful one covers, plus the Java fix that actually closes the hole.

Mar 18, 20255 min read
AppSec

Reading a Scan Report: What Actually Matters

Most scan reports bury the three fields that decide whether a finding needs action today — this is how to read one without drowning in noise.

Mar 18, 20255 min read
AppSec

Finding Vulnerabilities in Source Code: A Practical Method

A concrete, repeatable method for finding vulnerabilities in source code — combining static analysis, dependency scanning, and manual review without drowning your team in false positives.

Mar 14, 20257 min read
AppSec

Free Website Vulnerability Scanners: What You Actually Get

Free scanners catch the obvious stuff — missing headers, expired TLS, a handful of known CVEs — but they stop well short of what a real security program needs.

Mar 14, 20255 min read
AppSec

Application Vulnerability Management: Program Basics

A working definition of application vulnerability management and the five program elements that separate a real practice from a pile of scanner tickets.

Mar 11, 20256 min read
AppSec

What Is the NVD (National Vulnerability Database)?

The NVD is the U.S. government's repository of analyzed vulnerability data, built on top of the CVE program — here's what it actually adds, how CVE and NVD relate, and where its data comes from.

Mar 11, 20256 min read
AppSec

Static Source Code Analysis Tools: A Practical Guide

A practical walkthrough of what static source code analysis tools actually check, where they miss, and how to pick one without buying a shelf-ware scanner.

Mar 11, 20256 min read
AI Security

LLM-Augmented Bug Discovery Methodology

A practitioner's methodology for using LLMs to augment — not replace — traditional bug discovery workflows, with patterns that hold up under real review load.

Feb 25, 20259 min read
Vulnerabilities

Fixing XXE in Java: A Parser-by-Parser Hardening Guide

A parser-by-parser XXE fix for Java, covering DocumentBuilderFactory, SAXParser, XMLInputFactory, TransformerFactory, and the XML libraries that still ship unsafe defaults.

Feb 18, 20256 min read
AppSec

Bootstrapping a Secure Website Scan Workflow on a Budget

A small team can build a real scanning habit with zero budget — the trick is turning one-off checks into a repeatable workflow before traffic (and risk) grows.

Feb 18, 20256 min read
Vulnerabilities

NoSQL Injection: A Practical Tutorial

NoSQL databases don't use SQL syntax, but they're not immune to injection attacks — this NoSQL injection tutorial covers how the attack actually works against MongoDB-style queries.

Feb 11, 20255 min read
Vulnerabilities

Java Vulnerability Classes: A Reference List

A java vulnerability list organized by class — deserialization, injection, XXE, and the rest — because Java's ecosystem produces a specific, recurring set of vulnerability patterns worth knowing by name.

Feb 11, 20255 min read
appsec (Page 26) — Safeguard Blog