Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.

Featured Articles

Developer-Tailored Secure Code Training: A New Approach from Security Journey
Security training for developers has traditionally been a one-size-fits-all experience—generic, compliance-driven, and...

New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
Learn About ‘Application Security (9)’
Apache Struts 2 Namespace (CVE-2018-11776) Vulnerability
2.3 to 2.3.34 and 2.5 to 2.5.16 of Apache Struts 2, one of the most used Java-based web application frameworks.
How Do You Select Security Champions?
Security champions should be an integral part of your security team. When this position was first introduced five or so years ago as part of the cybersecurity structure, the security champion was...
Top 6 Application Security Must Dos with Limited Resources
The vast majority of application security teams are under-resourced. The ideal is that application security teams will scale with development teams, but this rarely happens. Given this disadvantage,...
OWASP Top 10 Mini Series - Command Injection Cheat Sheet
OWASP Top 10 Mini Series - SQL Injection
When Should I Launch a Bug Bounty Program?
How do you start in cybersecurity?
Here are five things that have impacted me in my career, and helped me to grow both as a security person and a human being.
How developers can take the lead on security
This post was written by Chris Romeo during his tenure at Security Journey.
On the Internet, detection and reporting of vulnerabilities in software is a daily occurrence. Where do those...
4 ways to engage developers who couldn't care less about security
This post was written by Chris Romeo during his tenure at Security Journey.
You would think that there is not a single developer on earth who has avoided the impact of a data breach or security...
6 application security lessons every team should study
This post was written by Chris Romeo during his tenure at Security Journey.
When you build a skyscraper, how important is the foundation? It's crucial. Built on a weak foundation, even the most...