Safeguard
Tag

threat-modeling

Safeguard articles tagged "threat-modeling" — guides, analysis, and best practices for software supply chain and application security.

29 articles

AppSec

Application Security Architecture: Design Patterns That Hold Up

Good application security architecture is a small set of repeatable patterns — trust boundaries, defense in depth, least privilege — applied consistently, not a document nobody reads.

May 19, 20266 min read
Vulnerability Management

MITRE ATT&CK Framework

MITRE ATT&CK maps 200+ attacker techniques, but runtime tools like Aqua only catch supply chain compromise after deployment. Here's the build-time gap and how to close it.

Apr 13, 20267 min read
AI Security

Why LLMs Are Structurally Insecure (and What That Means for Your Pipeline)

Language models are not insecure because of a bug you can patch. They are insecure by construction — non-deterministic, context-poisonable, and unreproducible. Here is how to reason about them without pretending otherwise.

Apr 12, 20267 min read
Application Security

What is Threat Modeling

Threat modeling finds the design flaws scanners can't see. Learn what it is, when to do it, and how Safeguard ties it to reachability analysis.

Apr 12, 20266 min read
AI Security

MCP Server Sandbox Escapes: Threat Model

A threat model for sandbox escapes in Model Context Protocol servers, mapping attack surfaces from tool execution environments to host processes and shared state.

Mar 25, 20267 min read
Threat Intelligence

The Supply Chain Attack Kill Chain: A Framework for Defense

We propose a kill chain framework specific to software supply chain attacks, mapping attacker techniques to defensive controls at each stage.

Mar 5, 20266 min read
Best Practices

What is a Trust Boundary

A trust boundary is where data crosses into a higher-privilege context and must be verified. Learn where they hide and how breaches like Log4Shell exploited them.

Feb 3, 20266 min read
Vulnerability Analysis

Business logic vulnerabilities explained

A business logic vulnerability breaks your app's rules, not its code. See how Starbucks, Shopify, and the DAO were exploited -- and how to detect and prevent it.

Dec 5, 20257 min read
DevSecOps

The Security Development Lifecycle (SDL): A Working Guide

The SDL turned security from a pre-release audit into a discipline applied at every phase of building software. What the lifecycle actually contains, where it came from, and how to run it without a Microsoft-sized team.

Oct 14, 20256 min read
AI Security

Why Autonomous Coding Agents Need Their Own Threat Model

Coding agents run with real credentials and no pause button. Here is the threat model that treats them as autonomous infrastructure, not junior developers.

Jul 21, 20257 min read
Security Concepts

The Threat Modeling Process, Step by Step

Threat modeling answers four questions: what are we building, what can go wrong, what are we doing about it, and did we do enough? A concrete step-by-step process your team can run in an afternoon.

Jun 3, 20256 min read
Security Concepts

A Threat Model Example, Walked Through Step by Step

The fastest way to understand threat modeling is to watch one built end to end — this walks through a real threat model example for a simple login and payment flow.

Apr 29, 20255 min read
threat-modeling (Page 2) — Safeguard Blog