Security Journey Blog

Application Security Compliance & Regulations

Jan 20, 2020

How to Go Beyond PCI Compliance Requirements to Secure Your Organization: Introduction

In 2000, the number of websites skyrocketed to 17 million, with more than 400 million internet users. Shortly after, a growing number of online stores came online, eager to capitalize on the...

Read More - How to Go Beyond PCI Compliance Requirements to Secure Your Organization: Introduction

Application Security

Dec 27, 2019

Same-Origin Policy And Cross-Origin Resource Sharing (CORS)

Modern web browsers provide many built-in security mechanisms to defend against attackers.

Read More - Same-Origin Policy And Cross-Origin Resource Sharing (CORS)

Secure Coding Training Application Security

Dec 27, 2019

Secure Software Development Defined

Software development follows what is called a Software Development Lifecycle, or S D L C. It is a process used for developing software.

Read More - Secure Software Development Defined

Secure Coding Training Application Security

Dec 27, 2019

Why You Need a Vulnerability Disclosure Response Plan & How to Develop One

Most companies have an Incident Response Plan these days.

Read More - Why You Need a Vulnerability Disclosure Response Plan & How to Develop One

Secure Coding Training Application Security

Dec 27, 2019

Common Federated Identity Protocols: OpenID Connect vs OAuth vs SAML 2

When it comes to federated identity there are three major protocols used by companies: OAuth 2, OpenID Connect, and SAML.

Read More - Common Federated Identity Protocols: OpenID Connect vs OAuth vs SAML 2

Application Security

Dec 27, 2019

DevSecOps Best Practices

You’ve decided to integrate DevSecOps into your software development operations. That’s an important first step to improving your product’s overall security by including it into the development...

Read More - DevSecOps Best Practices

Application Security

Dec 26, 2019

What Is DevSecOps?

DevOps, that combination of software development and IT operations, is designed to improve the development life cycle, getting software to market quicker and improve overall deployment.

Read More - What Is DevSecOps?

Application Security Security Culture

Dec 26, 2019

What Are Security Champion Responsibilities?

Your company has decided to add security champions to improve your overall security postures, and you’ve chosen great candidates to take on this role.

Read More - What Are Security Champion Responsibilities?

Secure Coding Training Application Security

Dec 26, 2019

Apache Struts 2 Namespace (CVE-2018-11776) Vulnerability

On 22 August 2018, a Semmle security researcher disclosed a critical vulnerability affecting the versions 2.3 to 2.3.34 and 2.5 to 2.5.16 of Apache Struts 2, one of the most used Java-based web application frameworks.

Read More - Apache Struts 2 Namespace (CVE-2018-11776) Vulnerability

Application Security Security Culture

Dec 26, 2019

How Do You Select Security Champions?

Security champions should be an integral part of your security team. When this position was first introduced five or so years ago as part of the cybersecurity structure, the security champion was...

Read More - How Do You Select Security Champions?

Secure Coding Training Application Security

Dec 26, 2019

Top 6 Application Security Must Dos with Limited Resources

The vast majority of application security teams are under resourced. The ideal is that application security teams will scale with development teams, but this rarely happens. Given this disadvantage,...

Read More - Top 6 Application Security Must Dos with Limited Resources

Secure Coding Training Application Security

Dec 26, 2019

OWASP Top 10 Mini Series - Command Injection Cheat Sheet

Command injection is similar to SQL injection, but instead of injecting into a SQL query, you are injecting a command into the Operating System. User data can be input to alter the intent of the command that is being executed.

Read More - OWASP Top 10 Mini Series - Command Injection Cheat Sheet