Same-Origin Policy And Cross-Origin Resource Sharing (CORS)
Modern web browsers provide many built-in security mechanisms to defend against attackers.
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Don't Fall for the Hacker Genius: Secure Coding is About Diligence, Not Brilliance
Many believe only brilliant minds can write secure code, but secure coding is primarily about discipline and understanding vulnerabilities. The most significant data breaches in history stemmed from preventable coding errors rather than genius hacking.
Read More
What You Need To Know About Secure Coding Training for PCI DSS v4.0 Requirements
The latest version of the Payment Card Industry Data Security Standard (PCI DSS), version 4.0, was released in March 2022. Although the requirements won't take effect until 2025, it's crucial to start preparing now.
Read More
Learn About ‘Application Security (8)’
Secure Software Development Defined
Software development follows what is called a Software Development Lifecycle, or S D L C. It is a process used for developing software.
Why You Need a Vulnerability Disclosure Response Plan & How to Develop One
Most companies have an Incident Response Plan these days.
Common Federated Identity Protocols: OpenID Connect vs OAuth vs SAML 2
When it comes to federated identity there are three major protocols used by companies: OAuth 2, OpenID Connect, and SAML.
DevSecOps Best Practices
You’ve decided to integrate DevSecOps into your software development operations. That’s an important first step to improving your product’s overall security by including it into the development...
What Is DevSecOps?
DevOps, that combination of software development and IT operations, is designed to improve the development life cycle, getting software to market quicker and improve overall deployment.
What Are Security Champion Responsibilities?
Your company has decided to add security champions to improve your overall security postures, and you’ve chosen great candidates to take on this role.
Apache Struts 2 Namespace (CVE-2018-11776) Vulnerability
On 22 August 2018, a Semmle security researcher disclosed a critical vulnerability affecting the versions
2.3 to 2.3.34 and 2.5 to 2.5.16 of Apache Struts 2, one of the most used Java-based web application frameworks.
How Do You Select Security Champions?
Security champions should be an integral part of your security team. When this position was first introduced five or so years ago as part of the cybersecurity structure, the security champion was...
Top 6 Application Security Must Dos with Limited Resources
The vast majority of application security teams are under resourced. The ideal is that application security teams will scale with development teams, but this rarely happens. Given this disadvantage,...
OWASP Top 10 Mini Series - Command Injection Cheat Sheet
Command injection is similar to SQL injection, but instead of injecting into a SQL query, you are injecting a command into the Operating System. User data can be input to alter the intent of the command that is being executed.
OWASP Top 10 Mini Series - SQL Injection
SQL Injection vulnerability allows attackers to alter database queries to take actions other than what the developer intended. This could allow an attacker to bypass authentication, steal data, alter site and database contents, or even destroy your database.