API Security Testing Against the OWASP API Top 10: A Hands-On Guide
APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
How TypeScript's type system helps catch security bugs at compile time, and what it cannot protect you from.
PWAs blur the line between websites and applications. Their security model is browser-based, which introduces different risks than native applications.
CVE-2023-44487 exploits a design flaw in HTTP/2 to amplify DDoS attacks, enabling record-breaking attacks peaking at 398 million requests per second.
JSON is the lingua franca of APIs, but the libraries that parse it have had serious security issues. Here is what to watch for in your stack.
Securing Spring Boot applications with dependency management BOMs, vulnerability scanning, and hardened configurations.
APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.
Enterprise DAST tools differ in how they handle modern application architectures, API testing, and CI/CD integration. Here is what to evaluate when choosing a DAST solution.
Server-Side Template Injection turns template engines into code execution engines. This guide covers SSTI in Jinja2, Twig, Freemarker, and other engines, with detection techniques and layered defenses.