Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Featured Articles
Empower Your Developers, Secure Your APIs: Free OWASP Top 10 Training
The digital world thrives on APIs, the connectors that power seamless interactions between applications and services....
What You Need To Know About Secure Coding Training for PCI DSS v4.0 Requirements
What is Threat Modeling? (Practical Guide + Threat Modeling Template)
Finding Vulnerabilities: Differences among Vulnerability Scanning, Pen Testing, Bug Bounty, Red Team and Purple Team Compared
When designing systems to withstand attack, you should always aim to be at least two steps ahead of your adversaries. Whatever it is that you want to protect, whether it’s a physical...
What Are Git Hooks?
Git hooks are scripts that Git runs at defined points in its workflow, such as just before a commit is created or before a push is accepted. They are completely customizable, so a team can run its own checks at key points in the development life cycle. Some examples of...
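To make the idea concrete, here is an added example of a pre-commit hook, written for this page and not taken from the article or from Security Journey's own code. It assumes it is installed as `.git/hooks/pre-commit`, scans only the lines being added in the staged diff, and uses a short, illustrative set of credential patterns plus a `nosecret` marker convention for reviewed false positives; the sample diff at the bottom is constructed, and the key and password in it are fake.

```shell
#!/bin/sh
# Hypothetical pre-commit hook: an added example, not Security Journey's code.
# Install: cp this file to .git/hooks/pre-commit && chmod +x .git/hooks/pre-commit
# Git runs it before every commit; a non-zero exit aborts the commit.
# It scans the lines being *added* in the staged diff for strings shaped like
# credentials. The patterns are illustrative assumptions; tune them for your code.

# One extended regex per line (consumed by grep -E -f). Matching is made
# case-insensitive below, so the assignment pattern also catches PASSWORD = "...".
secret_patterns() {
    cat <<'EOF'
AKIA[0-9A-Z]{16}
-----BEGIN [A-Z ]*PRIVATE KEY-----
(password|passwd|secret|api_key|apikey|token)[[:space:]]*[:=][[:space:]]*["'][^"'[:space:]]{8,}["']
EOF
}

# Read a unified diff on stdin, keep only added lines (leading "+", excluding the
# "+++" file header), drop lines marked "nosecret" (a reviewed false positive),
# and grep them against the patterns. Prints each offending line.
# Exit status: 0 = clean, 1 = possible secret found.
scan_added_lines() {
    patfile=$(mktemp) || return 2
    secret_patterns > "$patfile"
    hits=$(grep '^+' | grep -v '^+++' | sed 's/^+//' | grep -v 'nosecret' \
           | grep -E -i -f "$patfile") || :
    rm -f "$patfile"
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# What Git runs: the staged diff, with no context lines, piped into the scanner.
main() {
    if git diff --cached --diff-filter=ACM --no-color -U0 | scan_added_lines; then
        exit 0
    fi
    echo "pre-commit: possible credential in staged changes; move it to configuration, or mark a reviewed line 'nosecret'" >&2
    exit 1
}

# Constructed sample diff for trying the scanner without a repository.
# The key and password are fake.
SAMPLE_DIFF='diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,3 @@
 import os
-db_password = os.environ["DB_PASSWORD"]
+db_password = "hunter2hunter2"
+aws_key = "AKIAABCDEFGHIJKLMNOP"'

# Act as the hook only when installed under that name; otherwise scan the sample.
case "$0" in
    */pre-commit) main ;;
    *) printf '%s\n' "$SAMPLE_DIFF" | scan_added_lines || : ;;
esac
```

Run as-is it reports the two planted lines; installed as the hook it blocks the commit that contains them. Two caveats a practitioner should keep in mind: hooks in `.git/hooks` are not versioned, so each developer has to install them (or the repository has to set `core.hooksPath`), and any client-side hook can be skipped with `git commit --no-verify`. Treat it as fast feedback for developers and run the same scan again server-side or in CI, where it cannot be bypassed.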
How Security Champions Help Improve Application Security
Application security is a major concern for many organizations. In 2020, over 23,000 new vulnerabilities were discovered and publicly reported in production applications. On average, a codebase ...
Why developers dislike security—and what you can do about it
This post was written by Chris Romeo during his tenure at Security Journey. This article originally appeared on TechBeacon.com on May 18, 2021. You can access it here.
What Are Bug Bounty Programs, And Why Are They Becoming So Popular?
Some organizations run bug bounty programs as a way to identify and fix vulnerabilities within their production applications. A bug bounty program gives ethical hackers permission to test if an...
How Secure Coding Training Fits Into The Shift Left Movement
In the past, security was not seen as a priority during the development process. Often, developers would only perform vulnerability scans and security audits as part of the testing phase of the...
How (and Why) to Teach Developers to Think Like Hackers
Coaches of sports teams would relish the chance to know their opponents' offensive playbook, so that they can prepare the right defensive schemes. Debate experts say you should understand your...
How to Shift Left and Increase Long-Term Efficiency
In software development, issues become more time-consuming and more expensive the longer it takes to find and fix them. Find defects too late in the development cycle, and you could risk a delayed...
How to Add Automation into a Secure SDLC
Many software and app companies have looked to automated operations to create a more streamlined and efficient development process. Adding the right tools to CI/CD workflows can save developers time and alleviate some of the burden of manual work. In DevSecOps, these tools automatically search for vulnerabilities, raise a flag when they find them, and provide information about how to fix them.
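The "raise a flag and say how to fix it" step is usually a small gate script that sits between the scanner and the rest of the pipeline. The following is an added example written for this page, not code from the article or from Security Journey. It assumes the preceding scanner step has written its findings as tab-separated lines (severity, rule id, location, remediation hint), which most scanners' machine-readable output can be converted to; the rule ids, locations and findings in the sample are constructed.

```shell
#!/bin/sh
# Hypothetical CI gate: an added example, not Security Journey's code.
# Assumes an earlier scanner step produced tab-separated findings of the form
#   severity<TAB>rule-id<TAB>location<TAB>remediation
# The job fails (non-zero exit) when any finding at or above the chosen
# severity is present and has not been explicitly risk-accepted; each blocking
# finding is printed together with its remediation hint.

# Map a severity name to a number so thresholds can be compared.
# Fail closed: an unrecognised severity ranks above everything, so a change in
# the scanner's output vocabulary cannot silently disable the gate.
severity_rank() {
    case "$1" in
        critical)        echo 4 ;;
        high)            echo 3 ;;
        medium|moderate) echo 2 ;;
        low)             echo 1 ;;
        *)               echo 99 ;;
    esac
}

# gate_findings THRESHOLD "RULE-ID RULE-ID ..." < findings
# THRESHOLD is the lowest severity that blocks; the second argument lists rule
# ids that have been reviewed and accepted (keep that list in version control
# so the acceptance is itself reviewable). Prints one line per blocking finding.
# Exit status: 0 = build may proceed, 1 = blocked.
gate_findings() {
    threshold_rank=$(severity_rank "$1")
    allowlist="${2:-}"
    blocking=0
    tab=$(printf '\t')
    while IFS="$tab" read -r severity rule location fix; do
        [ -z "$severity" ] && continue
        case " $allowlist " in
            *" $rule "*) continue ;;   # risk-accepted, skip
        esac
        if [ "$(severity_rank "$severity")" -ge "$threshold_rank" ]; then
            blocking=$((blocking + 1))
            printf 'BLOCK %-8s %-24s %s: %s\n' "$severity" "$rule" "$location" "$fix"
        fi
    done
    if [ "$blocking" -gt 0 ]; then
        echo "security gate: $blocking finding(s) at or above '$1'; fix them or record an accepted risk" >&2
        return 1
    fi
    return 0
}

# Constructed sample findings in the format above; not real scanner output.
SAMPLE_FINDINGS=$(printf '%s\t%s\t%s\t%s\n' \
    critical sql-injection 'src/db.py:42' 'build the query with bound parameters' \
    high hardcoded-secret 'src/config.py:7' 'read the value from the environment or a secrets manager' \
    medium outdated-dependency package.json 'upgrade the package to a patched release' \
    low missing-security-header 'src/app.py:10' 'send X-Content-Type-Options: nosniff')

# In a pipeline this would read the scanner's file and the repository's
# accepted-risk list, e.g.: gate_findings high "$(cat .security-accepted)" < findings.tsv
printf '%s\n' "$SAMPLE_FINDINGS" | gate_findings high "" || :
```

Run as-is, the gate prints the two findings at high or above and exits non-zero; passing `critical` as the threshold or listing the two rule ids as accepted lets the sample through. The point of the allowlist argument is that suppressing a finding becomes a reviewed change in the repository rather than a flag someone flips in the CI console.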
3 Steps To Overcoming the Shortage in Security Talent (Hint: You Already Have What You Need)
According to the 2019/2020 Official Annual Cybersecurity Jobs Report, an estimated 3.5 million cybersecurity jobs will go unfilled in 2021. While attracting candidates from such a limited talent pool...