sast
Safeguard articles tagged "sast" — guides, analysis, and best practices for software supply chain and application security.
267 articles
Application Security Vulnerability Management: A Working Workflow
A concrete workflow for application security vulnerability management, from scan to fix to verified close, that survives contact with a real release calendar.
False Positives in Cyber Security: Why They Happen and How to Cut Them
A scanner that cries wolf gets ignored. Here's why false positives pile up in security tooling and the concrete changes that actually reduce them.
Security Testing in the Software Development Lifecycle
Security testing for software development only works when it's distributed across the SDLC, not bolted on as a single pre-release gate — here's where each test type actually belongs.
What Is Checkmarx? A Plain-English Overview
Checkmarx is one of the oldest names in static analysis, built for large enterprises with dedicated security teams. Here's what it actually does and how it stacks up.
Code Injection in Python: How It Happens and How to Prevent It
Code injection python vulnerabilities almost always trace back to eval, exec, or a template engine handed untrusted input; here is how the attack works and how to close it off.
Static Code Analysis in Cyber Security: What It Actually Does
Static code analysis in cyber security means scanning source code without running it to catch injection flaws, hardcoded secrets, and unsafe patterns before they ship — here's what it catches and what it misses.
DevSecOps Tools Comparison 2025: Choosing the Right Stack
The DevSecOps tooling landscape has exploded. From SAST to SCA to SBOM management, this guide compares the major categories and helps you build a coherent security toolchain.
Secure Code Review: A Practical Checklist
Secure code reviews catch a different category of bug than functional code review, and having a repeatable checklist keeps reviewers from relying on memory for the same handful of recurring flaws.
Mobile Security Testing for iOS and Android Apps
Mobile apps fail in ways web apps don't — insecure local storage, weak certificate pinning, reverse-engineerable binaries — and testing them requires methods most web-focused AppSec programs never built.
SAST, DAST, and IAST: The Three Application Testing Types
SAST DAST IAST are three distinct testing approaches that catch different bug classes at different stages — here's how each actually works and when to run which.
Use-After-Free Vulnerabilities: How They're Exploited
A use-after-free exploit turns a dangling pointer into arbitrary code execution — here's how the bug class works, why it still dominates browser and kernel CVEs, and how to catch it before release.
XXE Attack Walkthroughs: What a Good Demo Actually Shows
Most XXE video walkthroughs stop at proof-of-concept file reads — here's what a genuinely useful one covers, plus the Java fix that actually closes the hole.