Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Industry Analysis

Lateral movement

A precise breakdown of what lateral movement is, the MITRE ATT&CK techniques and pivoting methods attackers use, and how to detect them before they spread.

Feb 26, 20268 min read
Industry Analysis

Insecure deserialization attack

A precise breakdown of what is an insecure deserialization attack, how object injection and gadget chains work in Java and Python, and how to defend against them.

Feb 25, 20267 min read
Industry Analysis

Java Security Explained

Java security failures like Log4Shell exposed 3 billion devices — here's why Java's dependency depth makes it uniquely risky, and how to fix it fast.

Feb 24, 20268 min read
Compliance

SOC 2 Type II

What is SOC 2 Type II? A clear breakdown of the audit report, Trust Services Criteria, and how it differs from Type I — with real audit examples.

Feb 23, 20267 min read
Industry Analysis

PHP Security Explained

PHP still runs ~74% of the web. From the 2024 PHP-CGI RCE to WordPress plugin flaws, here's what actually breaks PHP apps in production.

Feb 23, 20268 min read
SBOM

How to set up SBOM generation in a CI pipeline

Learn how to build an SBOM generation CI pipeline with Syft and GitHub Actions, covering scanning, signing, storage, and verification for supply chain visibility.

Feb 21, 20268 min read
Cryptography

How to set up HashiCorp Vault for secrets management

A step-by-step guide to set up HashiCorp Vault for secrets management, covering installation, dynamic secrets, Kubernetes integration, and verification steps.

Feb 20, 20267 min read
Best Practices

What is Encryption

Encryption converts readable data into ciphertext using algorithms and keys. Here's how AES, RSA, and TLS actually work — and where implementations fail.

Feb 18, 20266 min read
Vulnerability Analysis

What Was the Heartbleed Bug

A deep dive into CVE-2014-0160 (Heartbleed): the OpenSSL heartbeat flaw, its severity, exploitation timeline, and how to remediate it today.

Feb 12, 20269 min read
Regulatory Compliance

How to implement GDPR technical and organizational measures

A practical, engineering-first walkthrough for GDPR technical measures implementation: encryption, access control, minimization, and verification steps.

Feb 11, 20267 min read
Vulnerability Analysis

The event-stream npm Attack Explained

In 2018, a hijacked npm maintainer account turned event-stream into a supply chain weapon against crypto wallets. Here's the full CVE-style breakdown.

Feb 10, 20267 min read
DevSecOps

How to secure Jenkins pipelines

A step-by-step guide to secure Jenkins pipelines: hardening the controller, fixing credentials management, RBAC setup, agent isolation, and supply chain verification.

Feb 10, 20268 min read
software-supply-chain (Page 18) — Safeguard Blog