security-testing
Safeguard articles tagged "security-testing" — guides, analysis, and best practices for software supply chain and application security.
18 articles
Red team vs. blue team fundamentals: how to structure the exercise
MITRE ATT&CK went public in May 2015 to give red and blue teams a shared language — most organizations still run the two in total isolation.
Security Regression Testing: Make Sure Fixed Vulnerabilities Stay Fixed
A vulnerability you patched last quarter that quietly comes back this quarter is worse than one you never fixed — because you thought it was handled. Here is how to build security regression testing that keeps fixes fixed.
Semgrep Cloud vs GitHub CodeQL: comparing SAST engines in 2026
How Semgrep Cloud and CodeQL compare on rule authoring, language coverage, performance, and pull request ergonomics for static analysis programs.
How to scope a penetration test and define rules of engag...
A practical guide to scoping a pentest and writing penetration testing rules of engagement, covering targets, timing, methodology, and legal sign-off.
Dynamic Scanning, Explained for Engineers Who Aren't Security Specialists
Dynamic scanning tests a running application the way an attacker would, by sending it requests and watching what comes back. Here's what that actually involves and when it's the right tool.
Security Testing for LLM-Powered Applications
Applications built on large language models introduce novel attack surfaces that traditional security testing does not cover. This guide addresses the specific testing methodologies needed for LLM applications.
What is Red Teaming
Red teaming emulates a real adversary to test not just your defenses but your ability to detect and respond. Here's how it works and how it differs from a pentest.
What is a Security Audit
A security audit is an evidence-based check that your controls actually meet a standard. Here's the process, the main frameworks, and how it differs from a pentest.
What is Fuzzing
Fuzzing feeds programs malformed input at machine speed to trigger crashes and expose memory-safety bugs. Here's how fuzz testing works and why it matters.
Security Testing for Data Pipelines: A Practical Guide
Data pipelines ingest, transform, and move sensitive information across systems. Here is how to identify and address the security risks that traditional application testing misses.
What is RASP
RASP runs inside an application and blocks attacks in real time, from the inside out. Here's how it works, how it differs from a WAF, and where it fits.
What is IAST
IAST instruments a running application from the inside to find vulnerabilities with very low false positives. Here's how it works and how it compares to SAST and DAST.