Safeguard
Tag

runtime-protection

Safeguard articles tagged "runtime-protection" — guides, analysis, and best practices for software supply chain and application security.

10 articles

Container Security

Container escape techniques and defense in depth

CVE-2024-21626 let a leaked file descriptor turn runc exec into host root. Here's how container escapes actually work — and the layers that stop them.

Jul 15, 20266 min read
Cloud Security

Connecting build, deploy, and runtime security into one AppSec lifecycle

The XZ Utils backdoor (CVE-2024-3094) was found in the build chain; most tools that would have caught it stop at deploy. Here's how to close that gap.

Jul 11, 20267 min read
Container Security

A Practical Container Security Checklist: From Base Image to Runtime

Standard Docker Hub images ship 50-60 known CVEs on average. Here's the checklist that gets containers from base image to runtime without carrying them along.

Jul 10, 20266 min read
Cloud Security

Why static scanning misses runtime threats (the case for ...

Trivy's build-time CVE scans miss fileless malware, reverse shells, and live threats. Here's how ATT&CK-mapped runtime protection closes the gap.

Apr 28, 20268 min read
Container Security

Announcing Kubernetes workload protection in Snyk Container

Snyk added Kubernetes workload protection to Snyk Container. Here's what it does, why it matters now, and what security teams should ask before relying on it.

Apr 22, 20267 min read
Best Practices

WAF vs RASP

WAF vs RASP: how edge filtering and runtime protection differ, why Log4Shell exposed WAF blind spots, and when security teams need both layers.

Feb 18, 20266 min read
Cloud Security

What is Runtime Protection

Runtime protection catches what pre-deployment scanning can't — live attacks like the XZ Utils backdoor and Log4Shell exploitation, detected only in production.

Jan 31, 20266 min read
Concepts

What is RASP

RASP runs inside an application and blocks attacks in real time, from the inside out. Here's how it works, how it differs from a WAF, and where it fits.

Mar 5, 20245 min read
Tool Reviews

Aqua Security Platform Review: Cloud Native Security Done Right

An in-depth review of the Aqua Security platform covering container security, runtime protection, Kubernetes scanning, and how it fits into a modern DevSecOps workflow.

Jul 20, 20235 min read
Application Security

Runtime Application Self-Protection (RASP): A Practical Guide

RASP embeds security directly into the application runtime, detecting and blocking attacks from inside the app. It's powerful, controversial, and misunderstood. Here's what actually works.

Jun 25, 20239 min read
runtime-protection — Safeguard Blog