Why is Server-Side Request Forgery #10 in OWASP Top 10 2021?
The new #10 on the OWASP Top 10 2021 list is Server-Side Request Forgery (SSRF).
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Developer-Tailored Secure Code Training: A New Approach from Security Journey
Security training for developers has traditionally been a one-size-fits-all experience—generic, compliance-driven, and...
New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
Posts by Security Journey/HackEDU Team
OWASP Top 10 2021: 7 Action Items for App Sec Teams
This post was written by Chris Romeo during his tenure at Security Journey. This article was originally appeared on at TechBeacon.com on October 11, 2021. You can access it here.
How do you Train Developers in Secure SDLC Practices?
As the threat environment grows more serious, applications have become a more vulnerable part of the overall attack surface.
Making Sense of OWASP A08:2021 – Software & Data Integrity Failures
New OWASP 2021 Top Ten List includes new categories. This time around, the list item number A08, Software and Data Integrity Failures, offers insight into the changing nature of application security...
OWASP Top 10 2021 List - What’s New and What Should You Do to Respond?
As you may already know, the OWASP Top 10 is an awareness document that helps developers learn about common software security issues and the corresponding remediations.
How do you Practice Secure Coding?
Developers are the foundation of an organization’s digital strategy, building the products and services that drive revenue and help their company to operate more efficiently.
We Made Some Major Improvements To Our Training
We constantly strive to improve our secure coding training platform, and as part of that effort, we pay close attention to the feedback that everyone who uses our product provides us.
What is the S-SDLC or Secure SDLC?
There was a point in time when the only thing that mattered when it came to software development was that functional software was deployed in the stipulated time.
A Developer's Guide to Attacker Motivation in the Supply Chain
This post was written by Chris Romeo during his tenure at Security Journey. This article was originally appeared on TechBeacon.com on August 16, 2021. You can access it here.
What is Threat Modeling? (Practical Guide + Threat Modeling Template)
Threat Modeling is the process of identifying risks to a system. This includes defining potential threats, identifying issues that could arise from these threats, and developing mitigation strategies.
Why Cybersecurity Pros Need to Learn How to Code
This article was originally appeared on at TechBeacon.com on July 6, 2021. You can access it here.
Finding Vulnerabilities: Differences among Vulnerability Scanning, Pen Testing, Bug Bounty, Red Team and Purple Team Compared
When designing systems to be impervious to outside activity, you should always aim to be at least two steps ahead of your adversaries. Whatever it is that you want to protect, whether it’s a physical...