Safeguard
Tag

sast

Safeguard articles tagged "sast" — guides, analysis, and best practices for software supply chain and application security.

267 articles

AppSec

SAST Tools: A Shortlist Worth Evaluating

A working sast tools list should separate what free sast tools handle well from what only becomes worthwhile once you're paying for language coverage, tuning, and CI/CD depth.

Jan 14, 20265 min read
Vulnerability Analysis

Open redirect vulnerabilities explained

Open redirect flaws (CWE-601) score as medium severity alone, but they power real phishing campaigns against Google, Amex, and Microsoft. Here's how they work and how to stop them.

Dec 12, 20257 min read
Vulnerability Analysis

Type confusion vulnerabilities explained

Type confusion bugs let attackers corrupt memory by exploiting mismatched type assumptions. See real CVEs, how JIT engines fail, and how to catch it early.

Dec 11, 20256 min read
Vulnerability Analysis

Format string vulnerabilities explained

Format string bugs let attackers turn a printf call into memory disclosure or arbitrary writes. Here's how CWE-134 works, real CVEs, and fixes.

Dec 10, 20256 min read
AppSec

Code Security Scanners: Choosing One for Your Stack

The right code security scanner depends less on which vendor's marketing sounds best and more on language coverage, false-positive rate, and whether it fits into the workflow developers already use.

Dec 2, 20255 min read
Application Security

Insufficient Encapsulation Vulnerabilities

An insufficient encapsulation vulnerability (CWE-485) exposes internal state to untrusted code. See how it drove real CVEs in Velocity, Lodash, and BeanUtils.

Nov 10, 20257 min read
Industry Analysis

Code Injection via eval() and exec() Across Languages

eval() and exec() turn dynamic code execution into remote code execution. A cross-language look at how it happens in Python, JS, PHP, and Ruby.

Nov 7, 20257 min read
Buyer's Guides

Best AI and LLM generated code security scanning tools

An honest buyer's guide to AI generated code security scanning tools: what to evaluate, how six real vendors stack up, and where they fall short.

Nov 5, 20258 min read
Comparisons

Fortify Scan vs Modern SAST Tools: What Changed

A Fortify scan still catches classic code-level flaws well, but the SAST category has moved toward faster feedback and reachability-aware prioritization since Fortify's architecture was designed.

Nov 4, 20255 min read
Tools

Semgrep Community Fall 2025: Native Windows and 3x Multicore

Semgrep's Fall 2025 Community Edition ships native Windows binaries, a memory-efficient multicore engine, and up to 3x scan speedups. We benchmarked it.

Oct 30, 20256 min read
Industry Analysis

SQL Injection Prevention in Node.js/JavaScript

SQL injection still hits Node.js apps through raw drivers, Sequelize, Prisma, and Knex alike. Here's how it happens, what safe queries look like, and how to catch it in CI.

Oct 27, 20259 min read
Industry Analysis

Path Traversal Prevention in JavaScript/Node.js with path...

path.normalize() alone will not stop path traversal in Node.js. Real CVEs like node-tar show why resolve-then-compare beats normalize-then-trust.

Oct 25, 20257 min read
sast (Page 15) — Safeguard Blog