Security Journey Blog

Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.

Stay Up-to-Date on all Security Journey news and events.

Featured Articles

Secure Coding Training

Don't Fall for the Hacker Genius: Secure Coding is About Diligence, Not Brilliance

Many believe only brilliant minds can write secure code, but secure coding is primarily about discipline and understanding vulnerabilities. The most significant data breaches in history stemmed from preventable coding errors rather than genius hacking.

Compliance & Regulations

What You Need To Know About Secure Coding Training for PCI DSS v4.0 Requirements

The latest version of the Payment Card Industry Data Security Standard (PCI DSS), version 4.0, was released in March 2022. Although the requirements won't take effect until 2025, it's crucial to start preparing now.

Topics

Learn About ‘Security Culture (5)’

Security Culture Security Journey News

Oct 25, 2022

[Dark Reading] Security Leaders are Calling for Industry to Take Action and Programmatically Improve Secure Coding Education

This article was posted on Dark Reading. Currently, none of the top 50 undergraduate computer science programs in the U.S. require a course in code or application security.

Security Culture Security Journey News

Sep 2, 2022

[Dark Reading] Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds

This article was originally posted on Dark Reading. The US government and the Open Source Security Foundation have released guidance to shore up software supply chain security, and now it's up to developers to act.

Security Culture

Aug 11, 2022

Create a Security-First Mindset Across the Full SDLC Team

When you think about how to reduce application security risks, training your development team on secure coding strategies is the first thing that comes to mind. And for good reason. Security-minded...

Security Culture

Nov 11, 2021

Explain Sigstore to Me Like I'm Five

If you have paid attention to supply chain security in 2021, you've likely heard a lot about Sigstore. If you are still not sure exactly what it is, do not worry. We will provide an explanation that even a child can follow.

Secure Coding Training Application Security Security Culture

Oct 12, 2021

How do you Train Developers in Secure SDLC Practices?

As the threat environment grows more serious, applications have become a more vulnerable part of the overall attack surface.

Secure Coding Training Security Culture

Jul 26, 2021

What is a Capture The Flag Event, and How Does It Benefit Developers?

A Capture the Flag event, or CTF for short, is a gamified exercise designed to test cybersecurity skills. The goal of the game, much like in the live-action, outdoor game many of us remember from childhood, is to get the highest score by capturing the most flags.

Application Security Security Culture

Jul 8, 2021

How Security Champions Help Improve Application Security

Application security is a major concern for many organizations. In 2020, over 23,000 new vulnerabilities were discovered and publicly reported in production applications. On average, a codebase ...

Secure Coding Training Application Security Security Culture

Jun 18, 2021

How Secure Coding Training Fits Into The Shift Left Movement

In the past, security was not seen as a priority during the development process. Often, developers would only perform vulnerability scans and security audits as part of the testing phase of the...

Security Culture

May 24, 2021

How to Put the Threat Modeling Manifesto Into Action

If you have not yet seen the Threat Modeling Manifesto, you’re missing out.

Secure Coding Training Application Security Security Culture

Feb 2, 2021

How to Shift Left and Increase Long-Term Efficiency

In software development, issues become more time-consuming and more expensive the longer it takes to find and fix them. Find defects too late in the development cycle, and you could risk a delayed...

Security Culture

Jan 29, 2021

DevOps Security Culture: 12 Fails Your Team Can Learn From

This post was written by Chris Romeo during his tenure at Security Journey.

This article was originally appeared on at TechBeacon.com on January 6, 2021. You can access it here.

Secure Coding Training Application Security Security Culture

Jan 19, 2021

3 Steps To Overcoming the Shortage in Security Talent (Hint: You Already Have What You Need)

According to the 2019/2020 Official Annual Cybersecurity Jobs Report, an estimated 3.5 million cybersecurity jobs will go unfilled in 2021. While attracting candidates from such a limited talent pool...

Security Journey Blog

Stay Up-to-Date on all Security Journey news and events.

Featured Articles

Don't Fall for the Hacker Genius: Secure Coding is About Diligence, Not Brilliance

What You Need To Know About Secure Coding Training for PCI DSS v4.0 Requirements

Learn About ‘Security Culture (5)’

[Dark Reading] Security Leaders are Calling for Industry to Take Action and Programmatically Improve Secure Coding Education

[Dark Reading] Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds

Create a Security-First Mindset Across the Full SDLC Team

Explain Sigstore to Me Like I'm Five

How do you Train Developers in Secure SDLC Practices?

What is a Capture The Flag Event, and How Does It Benefit Developers?

How Security Champions Help Improve Application Security

How Secure Coding Training Fits Into The Shift Left Movement

How to Put the Threat Modeling Manifesto Into Action

How to Shift Left and Increase Long-Term Efficiency

DevOps Security Culture: 12 Fails Your Team Can Learn From

3 Steps To Overcoming the Shortage in Security Talent (Hint: You Already Have What You Need)

Contact Us

Contact Us

Contact Us