Safeguard
Tag

appsec

Safeguard articles tagged "appsec" — guides, analysis, and best practices for software supply chain and application security.

339 articles

Vulnerabilities

CSRF Attacks: How They Work and How Tokens Stop Them

A CSRF attack rides a logged-in user's browser to forge requests they never meant to send. Here is the mechanism and why anti-CSRF tokens defeat it.

May 27, 20246 min read
Vulnerabilities

SQL Injection Basics for Engineers Who Aren't Security Specialists

SQL injection is still one of the most common ways applications get breached, and the fix is usually a one-line change — this walks through the basics with a real example.

May 14, 20245 min read
Vulnerabilities

SQL Injection Prevention Techniques That Actually Work

SQL injection prevention comes down to one non-negotiable technique — parameterized queries — plus a short list of layered defenses that catch what a single control misses.

May 14, 20245 min read
DevSecOps

DevSecOps Definition: How It Differs From DevOps and SecOps Alone

The devsecops definition that actually matters isn't a new tool category — it's making security a shared responsibility across the pipeline instead of a gate at the end.

May 13, 20245 min read
Vulnerabilities

Application Vulnerabilities: The Common Classes Explained

Injection, broken access control, and misconfiguration account for most real-world breaches. Here's a plain map of the classes that matter and how each one is actually exploited.

May 9, 20245 min read
DevSecOps

What Is DevSecOps? Explained in Plain Terms

A plain-terms answer to devsecops o que e, the Portuguese-language version of 'what is DevSecOps,' with the same explanation that applies regardless of what language you searched in.

May 8, 20245 min read
Vulnerabilities

XSS Script Examples, Annotated

Reading a real xss script example line by line makes cross-site scripting concrete in a way definitions rarely do — here are annotated examples across the three main XSS types.

Mar 25, 20245 min read
Vulnerabilities

XXE Attacks Explained: XML External Entity Injection

How an XXE attack turns a trusting XML parser into a file-reading, request-forging liability, with a concrete Java example and the parser flags that shut it down.

Mar 12, 20246 min read
AppSec

What Does SAST Stand For, Exactly?

SAST stands for static application security testing — analyzing source code for vulnerabilities without ever running the program, which is what separates it from every dynamic testing approach.

Mar 5, 20245 min read
How-To Guide

Building a Security Champions Program

A step-by-step guide to launching a security champions program that scales your security team's influence across engineering without hiring a dozen new AppSec engineers.

Feb 28, 20247 min read
Web Security

HTTP Request Smuggling: A Practical Guide

HTTP request smuggling exploits disagreements between frontend and backend servers about where one request ends and the next begins. This guide covers CL.TE, TE.CL, and TE.TE variants with detection and defense strategies.

Jan 5, 20246 min read
Web Security

Authentication Bypass: Common Patterns Attackers Exploit

Authentication bypass vulnerabilities let attackers access protected resources without valid credentials. This guide covers the most common bypass patterns found in modern web applications and how to prevent each one.

Jun 5, 20238 min read
appsec (Page 28) — Safeguard Blog