What Are Git Hooks?
Hooks are scripts that run at different steps during the commit process. They are completely customizable and will trigger events at key points during the development life cycle. Some examples of...
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Developer-Tailored Secure Code Training: A New Approach from Security Journey
Security training for developers has traditionally been a one-size-fits-all experience—generic, compliance-driven, and...
New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
Learn About ‘Application Security (7)’
How Security Champions Help Improve Application Security
Application security is a major concern for many organizations. In 2020, over 23,000 new vulnerabilities were discovered and publicly reported in production applications. On average, a codebase ...
Why developers dislike security—and what you can do about it
This post was written by Chris Romeo during his tenure at Security Journey. This article originally appeared on TechBeacon.com on May 18, 2021. You can access it here.
What Are Bug Bounty Programs, And Why Are They Becoming So Popular?
Some organizations run bug bounty programs as a way to identify and fix vulnerabilities within their production applications. A bug bounty program gives ethical hackers permission to test if an...
How Secure Coding Training Fits Into The Shift Left Movement
In the past, security was not seen as a priority during the development process. Often, developers would only perform vulnerability scans and security audits as part of the testing phase of the...
How (and Why) to Teach Developers to Think Like Hackers
Coaches of sports teams would relish the chance to know their opponents' offensive playbook, so that they can prepare the right defensive schemes. Debate experts say you should understand your...
How to Shift Left and Increase Long-Term Efficiency
In software development, issues become more time-consuming and more expensive the longer it takes to find and fix them. Find defects too late in the development cycle, and you could risk a delayed...
How to Add Automation into a Secure SDLC
Many software and app companies have looked to automated operations to create a more streamlined and efficient development process. Adding the right tools to CI/CD workflows can save developers time and alleviate some of the burden of manual work. In DevSecOps, these tools automatically search for vulnerabilities, raise a flag when they find them, and provide information about how to fix them.
3 Steps To Overcoming the Shortage in Security Talent (Hint: You Already Have What You Need)
According to the 2019/2020 Official Annual Cybersecurity Jobs Report, an estimated 3.5 million cybersecurity jobs will go unfilled in 2021. While attracting candidates from such a limited talent pool...
HackEDU Adaptive Training Plans
HackEDU integrates with the most popular SAST and DAST tools, bug bounty platforms, SCA tools, code repositories, and issue trackers. An adaptive training plan is created automatically with HackEDU’s hands-on lessons for each software developer based on dozens of variables about the vulnerabilities found in your applications and the developer’s performance.
SAST vs DAST vs IAST
In the last twenty years, software applications have changed the way we work or do business. Software and in particular web applications store and handle increasingly more sensitive data. According...
How to Run an Effective Application Security Program Remotely
The good news is that running an effective application security program remotely is no different than running it in the office. However, the reality is that most companies are not at the point of...