Safeguard
Tag

runtime-security

Safeguard articles tagged "runtime-security" — guides, analysis, and best practices for software supply chain and application security.

56 articles

Open Source Security

Node.js runtime CVE roundup

A roundup of Node.js runtime CVEs since 2024 — command injection, HTTP smuggling, permission bypasses, and why runtime flaws evade typical dependency scanners.

Nov 28, 20257 min read
Buyer's Guides

Best IAST tools for runtime application security testing

A practical, no-fluff comparison of IAST tools for runtime application security testing — evaluation criteria, honest vendor tradeoffs, and where supply chain risk still slips through.

Nov 16, 20257 min read
Cloud Security

Best cloud workload protection platforms (CWPP)

An honest, no-hype comparison of leading cloud workload protection platforms — evaluation criteria, real vendor tradeoffs, and where supply chain security fits in.

Nov 15, 20257 min read
Vulnerability Analysis

CVE-2019-1075: Denial of service in .NET Core

CVE-2019-1075 is a 2019 denial-of-service flaw in .NET Core that let unauthenticated attackers crash web apps with crafted requests. Here's what to know.

Sep 20, 20257 min read
Cloud Security

Runtime Threat Detection in Cloud-Native Environments

Static analysis catches known vulnerabilities. Runtime detection catches exploitation. Here is how to implement runtime threat detection for containerized workloads.

Aug 18, 20256 min read
Application Security

eBPF and OpenTelemetry: The New Instrumentation Layer for...

eBPF and OpenTelemetry are becoming AppSec's new runtime instrumentation layer, catching supply chain attacks like the xz backdoor that static scanners miss entirely.

Jul 23, 20257 min read
Containers

Kubernetes SecurityContext, Field by Field

SecurityContext in Kubernetes is where pod and container hardening actually lives — here's what each field controls and which defaults you should never leave in place.

Jun 11, 20255 min read
Containers

Docker Container Security: A Hardening Checklist

Most container breaches trace back to a handful of avoidable mistakes — root users, bloated images, exposed sockets, unscanned dependencies. This checklist closes them, image to runtime.

Jun 10, 20257 min read
Container Security

eBPF Security Controls: A Production Experience Report

Field notes on running Tetragon, Falco, and Cilium eBPF controls in production Kubernetes clusters, with observed overhead, policy traps, and kernel constraints.

Dec 20, 20245 min read
Container Security

containerd Security Configuration Guide

containerd runs most of Kubernetes today. Its defaults are reasonable, but reasonable is not hardened. Here is how to close the gaps.

May 12, 20246 min read
Secure Development

Node.js Permission Model: Restricting What Your Code Can Do

Node.js finally has an experimental permission model. It is a significant step toward containing supply chain attacks, but it has important limitations.

Mar 18, 20245 min read
Container Security

gVisor Runtime Security Deep Dive

gVisor intercepts syscalls in userspace and implements a minimal kernel in Go. It is a genuinely different approach, with genuinely different trade-offs.

Feb 18, 20247 min read
runtime-security (Page 4) — Safeguard Blog