security-testing
Safeguard articles tagged "security-testing" — guides, analysis, and best practices for software supply chain and application security.
18 articles
What is Security Testing
Security testing is how teams find exploitable weaknesses before attackers do. Here's the main types — SAST, DAST, IAST, SCA, fuzzing, pentesting — and how they fit together.
Automated Security Testing in CI/CD Pipelines
A hands-on guide to embedding SAST, SCA, secret scanning, and container analysis into your CI/CD pipeline without making builds unbearably slow.
Property-Based Testing for Security: Defining Invariants That Must Never Break
Property-based testing defines invariants about program behavior and generates thousands of test cases automatically. For security code, the right properties can catch vulnerabilities that example-based tests miss.
Mutation Testing for Security Validation: Testing Your Tests
Mutation testing measures whether your security tests actually catch bugs by introducing small changes to code and checking if tests fail. Here is how to apply it to security-critical code.
Ephemeral Environments for Security Testing: A Modern Approach
Ephemeral environments — short-lived, on-demand copies of your application stack — are transforming how teams approach security testing. No more fighting over shared staging environments.
Fuzz Testing Supply Chain Components: Finding Bugs Before Attackers Do
Fuzz testing discovers crashes, memory corruption, and logic errors by feeding random inputs to software. Applied to supply chain components, it reveals vulnerabilities that code review and static analysis miss.