A Developer's Guide to Attacker Motivation in the Supply Chain
This post was written by Chris Romeo during his tenure at Security Journey. This article was originally appeared on TechBeacon.com on August 16, 2021. You can access it here.
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Developer-Tailored Secure Code Training: A New Approach from Security Journey
Security training for developers has traditionally been a one-size-fits-all experience—generic, compliance-driven, and...
New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
What is Threat Modeling? (Practical Guide + Threat Modeling Template)
Threat Modeling is the process of identifying risks to a system. This includes defining potential threats, identifying issues that could arise from these threats, and developing mitigation strategies.
Why Cybersecurity Pros Need to Learn How to Code
This article was originally appeared on at TechBeacon.com on July 6, 2021. You can access it here.
Finding Vulnerabilities: Differences among Vulnerability Scanning, Pen Testing, Bug Bounty, Red Team and Purple Team Compared
When designing systems to be impervious to outside activity, you should always aim to be at least two steps ahead of your adversaries. Whatever it is that you want to protect, whether it’s a physical...
What Are Git Hooks?
Hooks are scripts that run at different steps during the commit process. They are completely customizable and will trigger events at key points during the development life cycle. Some examples of...
What is a Capture The Flag Event, and How Does It Benefit Developers?
A Capture the Flag event, or CTF for short, is a gamified exercise designed to test cybersecurity skills. The goal of the game, much like in the live-action, outdoor game many of us remember from childhood, is to get the highest score by capturing the most flags.
How Security Champions Help Improve Application Security
Application security is a major concern for many organizations. In 2020, over 23,000 new vulnerabilities were discovered and publicly reported in production applications. On average, a codebase ...
TypeScript Doesn't Suck; You Just Don't Care About Security
The introduction of TypeScript elicited a divided reaction from the JavaScript community. Some liked the new superset, which added static and strong typing. Many hate it with a burning passion from...
Why developers dislike security—and what you can do about it
This post was written by Chris Romeo during his tenure at Security Journey. This article originally appeared on TechBeacon.com on May 18, 2021. You can access it here.
What Are Bug Bounty Programs, And Why Are They Becoming So Popular?
Some organizations run bug bounty programs as a way to identify and fix vulnerabilities within their production applications. A bug bounty program gives ethical hackers permission to test if an...
How Secure Coding Training Fits Into The Shift Left Movement
In the past, security was not seen as a priority during the development process. Often, developers would only perform vulnerability scans and security audits as part of the testing phase of the...
Top 4 Ways To Increase Completion Rates for Secure Coding Training
It’s indisputable: Secure Coding Training is effective in reducing vulnerabilities in code. That’s why more and more companies are turning to this training to help speed up software deployment and...