Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
File upload functionality is one of the most dangerous features in web applications. This guide covers the attack vectors, bypass techniques, and layered defenses needed to handle file uploads securely.
NIST finalized the Secure Software Development Framework in February 2022. If you sell software to the US government — or plan to — compliance is no longer optional.
Your CI/CD pipeline is a high-value target. Without proper audit logging, you will not know when it has been compromised until it is too late.
The Alpha-Omega Project, backed by $5M from Google and Microsoft, aims to improve security of the most critical open source projects. Here's what it means for the ecosystem.
Ephemeral environments — short-lived, on-demand copies of your application stack — are transforming how teams approach security testing. No more fighting over shared staging environments.
The first quarter of 2022 saw a surge in npm malware — from protestware to dependency confusion to credential-stealing packages. Here's a roundup of the most significant incidents and emerging trends.
The Conti ransomware group attacked Costa Rica's government systems so severely that the president declared a national emergency — the first time a country took such action in response to a cyberattack.
Attackers used a flash loan to temporarily gain majority voting power in Beanstalk Farms' governance system, then voted to transfer $182 million to themselves — all within a single blockchain transaction.
Attackers stole OAuth tokens from Heroku and Travis CI to access private GitHub repositories across dozens of organizations, including npm itself. The full scope of the breach took weeks to unravel.
Weekly insights on software supply chain security, delivered to your inbox.