runtime-security
Safeguard articles tagged "runtime-security" — guides, analysis, and best practices for software supply chain and application security.
56 articles
IAST vs RASP: Runtime Protection Approaches Compared
Interactive Application Security Testing and Runtime Application Self-Protection both operate at runtime, but they serve different purposes. Here is how they compare and when to use each.
Deno's Permission-Based Security Model: What It Gets Right and Where It Falls Short
Deno was built with security as a first-class concern, requiring explicit permissions for file, network, and environment access. Here is an honest assessment of what that model delivers in practice.
Container Escape Techniques in 2023: What's Changed and What Hasn't
Container escapes remain a real threat in multi-tenant environments. A look at the latest techniques, CVEs, and defenses as container security matures in 2023.
Deno Security Model Advantages: Runtime Permissions Done Right
Deno requires explicit permission grants for file, network, and environment access. This capability-based model changes the supply chain risk equation.
Runtime SBOM vs. Build-Time SBOM: Which Do You Actually Need?
Build-time SBOMs capture what goes into your software; runtime SBOMs capture what actually runs. Understanding the difference is critical for accurate vulnerability management.
IAST Explained: Why Instrumented Security Testing Catches What Others Miss
IAST combines the precision of SAST with the realism of DAST. Here is how it works, where it fits, and what it actually costs to deploy.
Runtime vs Static Container Analysis: Complementary, Not Competing
Static scanning finds known vulnerabilities. Runtime analysis finds actual exploitation. Using only one gives you half the picture.
eBPF for Security Monitoring: What It Can and Cannot Do
eBPF is being called the future of security observability. It is genuinely powerful, but it is not a magic bullet for runtime security.