Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Identity Security

JWT (JSON Web Token)

A JWT (JSON Web Token) is a compact, signed token used to prove identity and claims between systems. Here's how they work, and where they break.

Mar 1, 20268 min read
AI Security

What is RAG (Retrieval-Augmented Generation) Security

RAG pipelines blend retrieved data with model instructions, creating prompt injection, poisoning, and embedding-leak risks traditional AppSec tools miss.

Mar 1, 20267 min read
Industry Analysis

TOCTOU (Time-of-check to time-of-use)

TOCTOU flaws let attackers swap a file or resource after it's validated but before it's used, turning a safe check into an exploitable race.

Feb 28, 20267 min read
Cryptography

HMAC

HMAC is a cryptographic construct that combines a hash function with a secret key to verify both the integrity and authenticity of a message.

Feb 28, 20267 min read
Compliance

What is the NIST Cybersecurity Framework

A breakdown of the NIST Cybersecurity Framework's six functions, its 2024 update, and why GV.SC makes it central to software supply chain security.

Feb 27, 20267 min read
Cryptography

Perfect forward secrecy

Perfect forward secrecy stops a single leaked TLS key from unlocking years of past traffic. Here's how ephemeral key exchange works, and why it matters for supply chain security.

Feb 26, 20267 min read
Cryptography

Cryptographic salt vs pepper

What is a cryptographic salt, and how does it differ from pepper in password hashing? A technical breakdown of salted hashes, bcrypt salt rounds, and best practices.

Feb 26, 20267 min read
Industry Analysis

Golden ticket attack

A golden ticket attack forges Kerberos TGTs using a stolen krbtgt hash, giving attackers persistent, near-total control over Active Directory.

Feb 25, 20268 min read
Industry Analysis

JavaScript Security Explained

JavaScript security means managing three attack surfaces: runtime bugs, browser XSS, and npm supply chain compromise — the last of which caused 2025's biggest incidents.

Feb 24, 20267 min read
Industry Analysis

Living off the land (LOTL) techniques

A precise breakdown of living off the land (LOTL) attacks: how LOLBins, fileless malware, and dual-use tool abuse let intruders hide in plain sight.

Feb 24, 20268 min read
Industry Analysis

Node.js Security Best Practices

Node.js supply chain attacks like event-stream, ua-parser-js, and Shai-Hulud show why dependency depth is the real risk -- here's what actually reduces it.

Feb 24, 20266 min read
Industry Analysis

Business email compromise (BEC)

Business email compromise (BEC) tricks employees into wiring funds or data to attackers posing as executives or vendors. Here is how BEC fraud actually works.

Feb 24, 20267 min read
supply-chain-security (Page 43) — Safeguard Blog