Safeguard
Tag

attack-surface

Safeguard articles tagged "attack-surface" — guides, analysis, and best practices for software supply chain and application security.

11 articles

Application Security

How to Discover Shadow and Undocumented APIs Before Attackers Do

A single undocumented API endpoint exposed 10 million Optus records in 2022. Here's how to find shadow APIs in production and assess their real exposure.

Jul 10, 20266 min read
Container Security

Multi-Stage Docker Builds: A Security Pattern, Not Just a Size Trick

Multi-stage builds are pitched as a way to shrink images. Their bigger payoff is security: build secrets, compilers, and toolchains that never reach production. Here is how to use them right.

Jul 8, 20265 min read
Container Security

Using jlink to Build Minimal, Lower-Attack-Surface Java Docker Images

jlink has shipped with every JDK since Java 9 in 2017, yet most Spring Boot images still ship a full 300MB+ JDK. Here's how to fix that.

Jul 8, 20266 min read
Container Security

Distroless vs Alpine: Which Base Image Is More Secure?

Alpine is tiny and familiar; distroless is tinier and shell-free. The right choice depends on what you value more — debuggability or a minimal attack surface. Here is the honest tradeoff.

Jul 5, 20265 min read
Concepts

Attack Surface Reduction: A Practical Guide

Attack surface reduction is the discipline of removing every input, interface, and privilege an attacker could reach that your system does not actually need. Here's how to inventory, shrink, and keep it small.

Jul 1, 20267 min read
Application Security

What is an Attack Surface

An attack surface is every exposed point attackers can use to get in — code, configs, credentials, and dependencies. Here's how to define, measure, and shrink it.

Apr 9, 20267 min read
Concepts

What Is Security Hardening?

Security hardening reduces a system's attack surface by removing what it does not need and configuring the rest safely. Learn the principles, benchmarks, and how to apply it.

Feb 27, 20265 min read
AI Security

Securing AI Agents: MCP Protocol Risks and Mitigations

The Model Context Protocol is transforming how AI agents interact with tools, but it introduces new attack surfaces. Here is what security teams need to understand.

Jul 22, 20256 min read
Container Security

Distroless Container Images: Stripping the Attack Surface to Nothing

Distroless images remove the shell, package manager, and everything else an attacker needs post-exploitation. Here is how to use them, what breaks, and whether the security tradeoff is worth it.

Jul 28, 20236 min read
Threat Modeling

Threat Modeling the Software Supply Chain

Traditional threat modeling focuses on your code. Supply chain threat modeling extends to every tool, dependency, and process that touches your software. Here is how to do it systematically.

Mar 22, 20238 min read
Application Security

PWA Service Worker Attack Surface: What Security Teams Overlook

Service workers give Progressive Web Apps powerful offline and caching capabilities, but they also create a persistent attack surface that outlives the browser tab. Understanding this surface is critical.

Mar 5, 20237 min read
attack-surface — Safeguard Blog