Safeguard
Tag

security-testing

Safeguard articles tagged "security-testing" — guides, analysis, and best practices for software supply chain and application security.

18 articles

Best Practices

Red team vs. blue team fundamentals: how to structure the exercise

MITRE ATT&CK went public in May 2015 to give red and blue teams a shared language — most organizations still run the two in total isolation.

Jul 12, 20266 min read
DevSecOps

Security Regression Testing: Make Sure Fixed Vulnerabilities Stay Fixed

A vulnerability you patched last quarter that quietly comes back this quarter is worse than one you never fixed — because you thought it was handled. Here is how to build security regression testing that keeps fixes fixed.

Jul 7, 20266 min read
Vendor Comparison

Semgrep Cloud vs GitHub CodeQL: comparing SAST engines in 2026

How Semgrep Cloud and CodeQL compare on rule authoring, language coverage, performance, and pull request ergonomics for static analysis programs.

May 13, 20267 min read
Vulnerability Management

How to scope a penetration test and define rules of engag...

A practical guide to scoping a pentest and writing penetration testing rules of engagement, covering targets, timing, methodology, and legal sign-off.

Feb 6, 20268 min read
AppSec

Dynamic Scanning, Explained for Engineers Who Aren't Security Specialists

Dynamic scanning tests a running application the way an attacker would, by sending it requests and watching what comes back. Here's what that actually involves and when it's the right tool.

Nov 4, 20256 min read
AI Security

Security Testing for LLM-Powered Applications

Applications built on large language models introduce novel attack surfaces that traditional security testing does not cover. This guide addresses the specific testing methodologies needed for LLM applications.

Oct 15, 20247 min read
Concepts

What is Red Teaming

Red teaming emulates a real adversary to test not just your defenses but your ability to detect and respond. Here's how it works and how it differs from a pentest.

Jun 20, 20245 min read
Concepts

What is a Security Audit

A security audit is an evidence-based check that your controls actually meet a standard. Here's the process, the main frameworks, and how it differs from a pentest.

May 9, 20245 min read
Concepts

What is Fuzzing

Fuzzing feeds programs malformed input at machine speed to trigger crashes and expose memory-safety bugs. Here's how fuzz testing works and why it matters.

Apr 18, 20246 min read
AppSec

Security Testing for Data Pipelines: A Practical Guide

Data pipelines ingest, transform, and move sensitive information across systems. Here is how to identify and address the security risks that traditional application testing misses.

Mar 15, 20246 min read
Concepts

What is RASP

RASP runs inside an application and blocks attacks in real time, from the inside out. Here's how it works, how it differs from a WAF, and where it fits.

Mar 5, 20245 min read
Concepts

What is IAST

IAST instruments a running application from the inside to find vulnerabilities with very low false positives. Here's how it works and how it compares to SAST and DAST.

Feb 14, 20247 min read
security-testing — Safeguard Blog