Adopting Long Lasting AppSec Habits For 2023
The new year is traditionally a time to make resolutions and form good habits. It’s an opportunity that many of us take in both our professional and personal lives to adopt better practices and...
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Developer-Tailored Secure Code Training: A New Approach from Security Journey
Security training for developers has traditionally been a one-size-fits-all experience—generic, compliance-driven, and...
New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
Learn About ‘Application Security (6)’
Are You Prepared for the Non-Malicious Insider Threat?
Software supply chain risks are a highly visible part of the cybersecurity threat landscape. From President Biden’s cybersecurity executive order to Gartner including them in its 2022 list of top...
[Reversing Labs] GitHub Repojacking Attack: 10 Lessons for Software Teams
This article was written by John P. Mello Jr. for Reversing Labs. Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.
Filling the Application Security Education Gap
While we’ve seen promising steps in the right direction when it comes to application security, there is still a significant gap in secure coding knowledge across the entire software development...
Learning Swing: Measuring Knowledge Gain in Secure Coding Training Programs
A measurable increase in a learner’s knowledge after completing training is an essential component to any successful education program. Measurable knowledge gain is one way to prove your program’s effectiveness and value.
Beyond Security Awareness: Safer Apps through Education
The past decade has seen security awareness go from a new concept to a security strategy embedded in most organizations. Several regulations recommend security training but do so in very broad terms.
AppSec Things to Watch in 2022
It’s that time of the year again, where everyone under the sun comes up with predictions. We’re not fans of predictions, so instead, we give you Security Journey’s Application Security Things to...
How do you Train Developers in Secure SDLC Practices?
As the threat environment grows more serious, applications have become a more vulnerable part of the overall attack surface.
How do you Practice Secure Coding?
Developers are the foundation of an organization’s digital strategy, building the products and services that drive revenue and help their company to operate more efficiently.
What is the S-SDLC or Secure SDLC?
There was a point in time when the only thing that mattered when it came to software development was that functional software was deployed in the stipulated time.
What is Threat Modeling? (Practical Guide + Threat Modeling Template)
Threat Modeling is the process of identifying risks to a system. This includes defining potential threats, identifying issues that could arise from these threats, and developing mitigation strategies.
Finding Vulnerabilities: Differences among Vulnerability Scanning, Pen Testing, Bug Bounty, Red Team and Purple Team Compared
When designing systems to be impervious to outside activity, you should always aim to be at least two steps ahead of your adversaries. Whatever it is that you want to protect, whether it’s a physical...