Safeguard
Tag

penetration-testing

Safeguard articles tagged "penetration-testing" — guides, analysis, and best practices for software supply chain and application security.

25 articles

DevSecOps

The secure SDLC implementation guide: gates for every phase

NIST's SSDF names four practice groups, but most teams bolt security onto one phase. Here's how to gate design, code, build, and release instead.

Jul 14, 20267 min read
Best Practices

Ethical hacking techniques, mapped to a responsible disclosure workflow

Recon, enumeration, exploitation, and privilege escalation aren't just attacker steps — Log4Shell's 15-day gap between private report and public exploit shows why each maps to a disclosure decision.

Jul 8, 20266 min read
Best Practices

Open-source penetration testing tools: a comparison guide

Nine open-source pentest tools, one decision problem: Nmap finds hosts, Metasploit exploits them, but neither replaces the other. Here's when to reach for each.

Jul 8, 20267 min read
Application Security

Vulnerability assessment vs. penetration testing

Vulnerability assessment and penetration testing solve different problems. Here's how Safeguard's supply chain approach compares to Checkmarx's AppSec platform.

Jun 28, 20267 min read
Compliance

Aikido Trust Center walkthrough: certifications, pentesti...

A walkthrough of the Aikido Security trust center: what its SOC 2, ISO 27001, and annual pentest claims actually mean, and what's missing for a real vendor risk review.

May 2, 20266 min read
Vulnerability Management

ASM vs. Penetration Testing: how they differ and work tog...

ASM and pen testing measure different things at different speeds. See how Safeguard's supply-chain-native ASM complements cloud-focused tools like Wiz—and manual testing.

Apr 23, 20268 min read
Application Security

SAST vs Penetration Testing

SAST scans code before deploy; pentesting attacks it after. Here's where each catches real vulnerabilities, where they miss, and what Log4Shell proved.

Apr 14, 20267 min read
Application Security

What is Penetration Testing

Penetration testing simulates real attacks to prove exploitability, not just list CVEs. Here's how it works, what it costs, and how often it's required.

Apr 13, 20268 min read
Application Security

What is a Vulnerability Assessment

A vulnerability assessment finds and ranks security weaknesses at scale — here's how it differs from a pentest, its five-step process, and reporting essentials.

Apr 13, 20268 min read
AppSec

Application Security Testing Services: A Buyer's Guide

A practical framework for evaluating application security testing services in 2026, from what should be included by default to the questions that separate a real program from a checkbox audit.

Feb 18, 20265 min read
Best Practices

What is a Bug Bounty Program

A bug bounty program pays researchers to find and report vulnerabilities before attackers do. Here's how they work, what they cost, and their limits.

Feb 14, 20266 min read
Vulnerability Management

How to scope a penetration test and define rules of engag...

A practical guide to scoping a pentest and writing penetration testing rules of engagement, covering targets, timing, methodology, and legal sign-off.

Feb 6, 20268 min read
penetration-testing — Safeguard Blog