Safeguard
Tag

penetration-testing

Safeguard articles tagged "penetration-testing" — guides, analysis, and best practices for software supply chain and application security.

25 articles

Buyer's Guides

Best software supply chain attack simulation and red team...

A practical, no-hype comparison of supply chain attack simulation tools for red teams -- what to evaluate, six real vendors reviewed, and where Safeguard fits in.

Nov 7, 20258 min read
Application Security

Best penetration testing platforms and services

A practical, no-hype comparison of penetration testing platforms and pentest-as-a-service vendors — what to evaluate, six real providers reviewed, and where supply chain risk fits in.

Nov 6, 20257 min read
AppSec

Dynamic Scanning, Explained for Engineers Who Aren't Security Specialists

Dynamic scanning tests a running application the way an attacker would, by sending it requests and watching what comes back. Here's what that actually involves and when it's the right tool.

Nov 4, 20256 min read
SecOps

White-Box Penetration Testing: What Testers Actually See

White box penetration testing gives testers source code, architecture diagrams, and credentials up front, which finds different bugs than a black-box test — usually faster and deeper, at the cost of realism.

Nov 2, 20255 min read
SecOps

Types of Vulnerability Assessment, Explained

Not every vulnerability assessment tests the same thing. Here's how network, application, host, and wireless assessments differ, and when each one is the right call.

Feb 4, 20254 min read
Concepts

What is Red Teaming

Red teaming emulates a real adversary to test not just your defenses but your ability to detect and respond. Here's how it works and how it differs from a pentest.

Jun 20, 20245 min read
Compliance

Types of Security Audits, Explained

There isn't one kind of security audit — compliance audits, penetration tests, code audits, and architecture reviews all answer different questions and require different evidence.

May 14, 20245 min read
Offensive Security

Penetration Testing CI/CD Pipelines

Your CI/CD pipeline is a high-value target. Here's how to pen test build systems, artifact repositories, and deployment workflows for supply chain vulnerabilities.

Apr 18, 20246 min read
Web Security

Privilege Escalation in Web Applications: Attacks and Defenses

Privilege escalation vulnerabilities let attackers elevate their access level within an application. This guide covers both vertical and horizontal escalation techniques, real-world patterns, and concrete defenses.

Feb 5, 20247 min read
Offensive Security

Red Team Supply Chain Attack Simulation

How red teams can simulate real-world supply chain attacks to test organizational defenses—from dependency confusion to build pipeline compromise.

Dec 18, 20236 min read
Application Security

API Security Testing Against the OWASP API Top 10: A Hands-On Guide

APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.

Nov 5, 20237 min read
Application Security

Dynamic Application Security Testing: A Practitioner's Guide to DAST Done Right

DAST finds what source code analysis cannot. Here is how to set it up, tune it, and actually get value from it in a modern CI/CD pipeline.

Mar 18, 20237 min read
penetration-testing (Page 2) — Safeguard Blog