Security Journey Blog

Security Culture

Nov 13, 2020

6 Ways to Develop a Security Culture From Top to Bottom

With our modern dependence on technology and security, nobody would dare to make this statement. Everyone knows how crucial security is and how it must be embedded into everything an organization does. A simple glance at the news provides details on the data breach of the day tied to an application security vulnerability.

Read More - 6 Ways to Develop a Security Culture From Top to Bottom

Secure Coding Training Application Security

Oct 20, 2020

HackEDU Adaptive Training Plans

HackEDU integrates with the most popular SAST and DAST tools, bug bounty platforms, SCA tools, code repositories, and issue trackers. An adaptive training plan is created automatically with HackEDU’s hands-on lessons for each software developer based on dozens of variables about the vulnerabilities found in your applications and the developer’s performance.

Read More - HackEDU Adaptive Training Plans

Security Culture

Oct 16, 2020

The Carrot and the Stick: Security Rewards and Recognition

How do you incentivize people to participate in your security program? Are you using a carrot or a stick? Security rewards and recognition are crucial for the success of your security belt program.

Read More - The Carrot and the Stick: Security Rewards and Recognition

Research

Sep 21, 2020

Security Coaches

NOTE: This article is written based on a conversation on the Application Security Podcast with Matt McGrath, called “Security Coaches."

Read More - Security Coaches

Research

Aug 21, 2020

Threat modeling: Better Caught Than Taught

Everyone wants their engineering staff to be better at threat modeling. Security teams desire a world where developers practice a threat modeling mindset. A threat modeling mindset is where threat...

Read More - Threat modeling: Better Caught Than Taught

Secure Coding Training News and Announcements

Aug 20, 2020

HackEDU Customer Case Study

Developers Find & Fix 5.6x More Vulnerabilities with HackEDU's Training: HackEDU Case Study.

Read More - HackEDU Customer Case Study

Research

Aug 14, 2020

OWASP API Security Top 10: Get Your Dev Team Up to Speed

This post was written by Chris Romeo during his tenure at Security Journey.

Marc Andreessen famously stated in 2011 that “software is eating the world.” Now, in 2019, application programming...

Read More - OWASP API Security Top 10: Get Your Dev Team Up to Speed

Research

Jul 25, 2020

A Security Practitioner's Guide to Software Obsolescence

This post was written by Chris Romeo during his tenure at Security Journey.

Unlike wine and cheese, software does not get better with age—in fact, its security strength decreases over time. This is...

Read More - A Security Practitioner's Guide to Software Obsolescence

Research

Jul 13, 2020

How to do Application Security on a Budget

This post was written by Chris Romeo during his tenure at Security Journey.

As a bit of a thought experiment, I asked myself, “What if I had to develop an application security program with a budget...

Read More - How to do Application Security on a Budget

Research

Jul 12, 2020

A Trusted Insider's Buyers Guide to SCA

This series was born from an interview on the Application Security Podcast, season 5, episode 18. On this episode, Chris and Robert interviewed Steve Springett about the world of the secure supply...

Read More - A Trusted Insider's Buyers Guide to SCA

Research

Jun 19, 2020

Tips for Application Security Program Building

This article was born from an interview on the Application Security Podcast, season 5, episode 19 between Brook Schoenfeld and Chris Romeo / Robert Hurlbut. We began the conversation talking about...

Read More - Tips for Application Security Program Building

Research

Jun 11, 2020

Software Supply Chain Risk and SCA -- Part One

This series was born from an interview on the Application Security Podcast, season 5, episode 18. Chris and Robert interviewed Steve Springett about the world of the secure supply chain. In part...

Read More - Software Supply Chain Risk and SCA -- Part One