Safeguard
Tag

sast

Safeguard articles tagged "sast" — guides, analysis, and best practices for software supply chain and application security.

267 articles

AppSec

Finding Vulnerabilities in Source Code: A Practical Method

A concrete, repeatable method for finding vulnerabilities in source code — combining static analysis, dependency scanning, and manual review without drowning your team in false positives.

Mar 14, 20257 min read
AppSec

Application Vulnerability Management: Program Basics

A working definition of application vulnerability management and the five program elements that separate a real practice from a pile of scanner tickets.

Mar 11, 20256 min read
AppSec

Static Source Code Analysis Tools: A Practical Guide

A practical walkthrough of what static source code analysis tools actually check, where they miss, and how to pick one without buying a shelf-ware scanner.

Mar 11, 20256 min read
AppSec

Code Security Review: Manual vs Automated, and Where They Meet

Code security review works best as a combination, not a choice — here's what automated scanning catches, what still needs a human reviewer, and how to structure both.

Feb 27, 20255 min read
Vulnerabilities

SQL Injection Detection: How Scanners Actually Find It

SQL injection detected in a scan report can mean very different things depending on whether it came from a static trace or a live dynamic test — here's how each actually works.

Feb 19, 20256 min read
AppSec

Software Security Testing: A Practitioner's Overview

Software security testing spans static analysis, dynamic testing, dependency scanning, and manual review — a practical map of which method catches what, written for people who actually run these programs.

Sep 30, 20245 min read
Vulnerability Management

Static Analysis False-Positive Reduction

A technique-by-technique tour of how modern static analyzers cut false positives, from CodeQL's path pruning to Infer's bi-abduction.

Aug 22, 20248 min read
Vulnerabilities

What Is a CSRF Token, and How Does It Stop CSRF?

A CSRF token is a random, per-session value a server requires on state-changing requests so a malicious site can't forge one on a logged-in user's behalf.

Jul 22, 20245 min read
DevSecOps

Semgrep vs CodeQL: SAST Comparison

Compare Semgrep and CodeQL on rule authoring, language coverage, taint analysis, scan time, IDE integration, and pricing to choose the right SAST engine in 2024.

Jul 8, 20245 min read
Comparisons

SCA vs SAST vs DAST: Which Do You Actually Need First

Three scanner acronyms, one budget. A spec-level comparison of SCA, SAST, and DAST — what each catches, what each costs to run, and the order that pays off fastest.

Jul 2, 20246 min read
Vulnerabilities

OWASP Path Traversal: How It Works and How to Stop It

Path traversal lets an attacker reach files outside a web app's intended directory using sequences like ../../etc/passwd — here's how it works and the fixes that actually close it.

May 14, 20245 min read
Application Security

SAST Tool Accuracy Benchmarks 2024: What the Data Actually Shows

Static Application Security Testing tools vary dramatically in accuracy. We analyze detection rates, false positive rates, and language coverage across leading SAST tools using standardized benchmarks.

May 5, 20245 min read
sast (Page 21) — Safeguard Blog