Safeguard
Tag

waf

Safeguard articles tagged "waf" — guides, analysis, and best practices for software supply chain and application security.

8 articles

AppSec

Runtime Application Security Protection (RASP), Explained

Runtime application security protection instruments your app from the inside so it can block attacks in production, not just flag them in a report.

Feb 18, 20266 min read
Vulnerability Response

CVE-2025-64446 in Fortinet FortiWeb: Patch Posture & SBOM Response

FortiWeb path traversal + RCE scored CVSS 9.1 and entered CISA KEV after months of targeted exploitation. Defender playbook for the WAF emergency.

Nov 15, 20257 min read
Vulnerabilities

Preventing SQL Injection: A Defense-in-Depth Approach

Parameterized queries stop most SQL injection, but the attacks that make it to production usually slip past a single control — here's the layered defense that catches the rest.

Mar 18, 20256 min read
Vulnerabilities

SQL Injection Prevention Techniques That Actually Work

SQL injection prevention comes down to one non-negotiable technique — parameterized queries — plus a short list of layered defenses that catch what a single control misses.

May 14, 20245 min read
Concepts

What is RASP

RASP runs inside an application and blocks attacks in real time, from the inside out. Here's how it works, how it differs from a WAF, and where it fits.

Mar 5, 20245 min read
Application Security

WAF Bypass Techniques and What They Mean for Supply Chain Security

Web Application Firewalls are a critical defense layer, but they are routinely bypassed. Understanding bypass techniques helps you build defense in depth rather than relying on a single control.

Dec 8, 20236 min read
Application Security

Runtime Application Self-Protection (RASP): A Practical Guide

RASP embeds security directly into the application runtime, detecting and blocking attacks from inside the app. It's powerful, controversial, and misunderstood. Here's what actually works.

Jun 25, 20239 min read
Application Security

WAF Rule Writing Best Practices: From Alert Fatigue to Actionable Protection

Most WAF deployments drown in false positives because the rules were never tuned. Here is how to write rules that protect without blocking legitimate traffic.

Nov 12, 20226 min read
waf — Safeguard Blog