Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.

Featured Articles

Developer-Tailored Secure Code Training: A New Approach from Security Journey
Security training for developers has traditionally been a one-size-fits-all experience—generic, compliance-driven, and...

New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...

AppSec Things to Watch in 2022
It’s that time of the year again, where everyone under the sun comes up with predictions. We’re not fans of predictions, so instead, we give you Security Journey’s Application Security Things to...

Bridges fall down due to insecure design – make sure your web applications don’t
When it comes to the people designing the bridges I drive across, I want them to use blueprints. I want them to run their design through programs to calculate the exact weight the bridge can hold...

Explain Sigstore to Me Like I'm Five

Why is Server-Side Request Forgery #10 in OWASP Top 10 2021?
The new #10 on the OWASP Top 10 2021 list is Server-Side Request Forgery (SSRF).

OWASP Top 10 2021: 7 Action Items for App Sec Teams
This post was written by Chris Romeo during his tenure at Security Journey. This article originally appeared on TechBeacon.com on October 11, 2021. You can access it here.

How do you Train Developers in Secure SDLC Practices?

Making Sense of OWASP A08:2021 – Software & Data Integrity Failures
New OWASP 2021 Top Ten List includes new categories. This time around, the list item number A08, Software and Data Integrity Failures, offers insight into the changing nature of application security...

OWASP Top 10 2021 List - What’s New and What Should You Do to Respond?

How do you Practice Secure Coding?

We Made Some Major Improvements To Our Training

What is the S-SDLC or Secure SDLC?