Three Ways to Empower Remote Threat Modeling
We’re all living in this new world where we’re working from home. The question we pose is, 'How will we make progress on rolling out threat modeling when we can’t meet with people face to face and...
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Empower Your Developers, Secure Your APIs: Free OWASP Top 10 Training
The digital world thrives on APIs, the connectors that power seamless interactions between applications and services....
What You Need To Know About Secure Coding Training for PCI DSS v4.0 Requirements
The latest version of the Payment Card Industry Data Security Standard (PCI DSS), version 4.0, was released in March 2022. Although the requirements won't take effect until 2025, it's crucial to start preparing now.
Read More
Posts by Security Journey/HackEDU Team
You Cannot Hack Yourself Secure
Are hacking and penetration testing the great solution to your security woes? That’s what you’ll hear from security conference speakers, who focus more on these topics than any other discipline in...
4 Steps to Transforming Developers Into Security People
This post was written by Chris Romeo during his tenure at Security Journey.
Developers are everywhere because software is everywhere. Try to think of an organization that doesn’t employ at least a...
How to prevent SQL Injection Vulnerabilities: How Prepared Statements Work
SQL Injection is a software vulnerability that occurs when user-supplied data is used as part of a SQL query. Due to improper validation of data, an attacker can submit a valid SQL statement that changes the logic of the initial query used by the application.
How To Create a Successful Secure Coding Training Plan
Developing a secure coding training plan for developers and Quality Assurance engineers can be a challenge. How can you develop a plan that reduces vulnerabilities, doesn’t take time away from...
PCI Secure Software Lifecycle (Secure SLC)
Ever since its formation in 2006, the PCI Security Standards Council (PCI SSC) has worked to improve the security of payment solutions and protect merchants against the latest security threats. In...
How to Go Beyond PCI Compliance to Secure Your Organization: Requirements 8-12
The State of DevSecOps: 5 Best Practices From the Front Lines
This post was written by Chris Romeo during his tenure at Security Journey.
Ladies and gentlemen, citizens of the Internet, could this be the year when DevSecOps finally catches on everywhere?
How to Go Beyond PCI Compliance to Secure Your Organization: Requirements 4-7
In the second installment in this series, we introduced how payment processing works and explained the first three PCI requirements. In this post we will explore the next four PCI DSS requirements,...
How to Go Beyond PCI Compliance to Secure Your Organization: Requirements 1-3
In the first post of this series, we discussed the Payment Card Industry Data Security Standard (PCI DSS), why it is important, and what the consequences are of being non-compliant. We also explained...
How to Go Beyond PCI Compliance Requirements to Secure Your Organization: Introduction
In 2000, the number of websites skyrocketed to 17 million, with more than 400 million internet users. Shortly after, a growing number of online stores came online, eager to capitalize on the...
Same-Origin Policy And Cross-Origin Resource Sharing (CORS)
Modern web browsers provide many built-in security mechanisms to defend against attackers.