Combatting the OpenSSH Vulnerability
The recent security flaw in OpenSSH sheds light on the persistent potential for vulnerabilities in even widely-used and reviewed software.
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Don't Fall for the Hacker Genius: Secure Coding is About Diligence, Not Brilliance
Many believe only brilliant minds can write secure code, but secure coding is primarily about discipline and understanding vulnerabilities. The most significant data breaches in history stemmed from preventable coding errors rather than genius hacking.
Read More
What You Need To Know About Secure Coding Training for PCI DSS v4.0 Requirements
The latest version of the Payment Card Industry Data Security Standard (PCI DSS), version 4.0, was released in March 2022. Although the requirements won't take effect until 2025, it's crucial to start preparing now.
Read More
Posts by Security Journey/HackEDU Team
OWASP Top 10 Injection Attacks Explained
In this article, we will focus on Injection Attacks and advise how to prevent them in your code. We also recommend The Diligent Developer Chronicles as a helpful training resource for your development team.
OWASP Top 10 Cryptographic Failures Explained
In this article, we will focus on Cryptographic Failures and advise how to prevent them in your code. We also recommend The Diligent Developer Chronicles as a helpful training resource for your development team.
OWASP Top 10 Broken Access Control Explained
In this article, we will focus on Broken Access Control and advise how to prevent it in your code. We also recommend The Diligent Developer Chronicles as a useful training resource for your development team.
A New Way to Train on OWASP Top 10: The Diligent Developer Chronicles
The Diligent Developer Security Awareness and Education Program is designed to raise awareness about application security and build skills across your development team to empower them to build secure software.
Why It's Important to Train More Than Just Developers
The SDLC is a complex process that involves many different roles. Traditionally, application security training has focused on developers. However, in today's world, it's also important to train non-developers on application security.
How Zoom Keeps Businesses Secure: A Secure Coding Training Case Study
“This [AppSec] doesn’t always come naturally to developers. It’s not that they don’t want to be more secure; they just don’t always know how,” said Robert Walker, who leads Secure Software Development at Zoom.
The AppSec Dilemma: Investing in Education Amidst Mass Tech Layoffs
This article was originally published on Solutions Review. From mass redundancies at Big Tech firms like Google, Meta, and Microsoft, to reducing teams in SMEs and small fintech startups, layoffs are impacting thousands of tech and cybersecurity workers.
White House Cybersecurity Strategy Implementation Plan Released: 65 Mandatory Initiatives, Increased Public-Private Partnerships
This article was originally published on CPO Magazine. The much-anticipated implementation plan for the Biden administration’s National Cybersecurity Strategy was released late last week and a flurry of work in updating and improvement is now expected, particularly at federal civilian agencies that maintain legacy systems.
How Developers Can Work With Generative AI Securely
This article was originally written by John Campbell and published on DZone. Four tips to help the SDLC strike a balance between the improved productivity that generative AI brings and the risks it poses to code security.
Security From the Start Is a Great Aspiration – But How Do We Achieve It?
This article was written by Amy Baker, Security Education Evangelist at Security Journey, for Enterprise Security Tech. In today's digital landscape, the importance of application security cannot be overstated.
What You Need To Know About Secure Coding Training for PCI DSS v4.0 Requirements
The latest version of the Payment Card Industry Data Security Standard (PCI DSS), version 4.0, was released in March 2022. Although the requirements won't take effect until 2025, it's crucial to start preparing now.