Security Journey Blog

OWASP Diligent Developer

Aug 15, 2023

OWASP Top Cryptographic Failures: Definition, Examples, & Solutions

In this article, we will focus on Cryptographic Failures and advise how to prevent them in your code. We also recommend The Diligent Developer Chronicles as a helpful training resource for your development team. 

Read More - OWASP Top Cryptographic Failures: Definition, Examples, & Solutions

OWASP Diligent Developer

Aug 10, 2023

OWASP Top 10 Broken Access Control Explained

In this article, we will focus on Broken Access Control and advise how to prevent it in your code. We also recommend The Diligent Developer Chronicles as a useful training resource for your development team. 

Read More - OWASP Top 10 Broken Access Control Explained

OWASP Diligent Developer

Aug 8, 2023

A New Way to Train on OWASP Top 10: The Diligent Developer Chronicles

The Diligent Developer Security Awareness and Education Program is designed to raise awareness about application security and build skills across your development team to empower them to build secure software. 

Read More - A New Way to Train on OWASP Top 10: The Diligent Developer Chronicles

Secure Coding Training Security Culture

Aug 3, 2023

Why It's Important to Train More Than Just Developers

The SDLC is a complex process that involves many different roles. Traditionally, application security training has focused on developers. However, in today's world, it's also important to train non-developers on application security. 

Read More - Why It's Important to Train More Than Just Developers

Secure Coding Training Security Culture

Aug 1, 2023

How Zoom Keeps Businesses Secure: A Secure Coding Training Case Study

“This [AppSec] doesn’t always come naturally to developers. It’s not that they don’t want to be more secure; they just don’t always know how,” said Robert Walker, who leads Secure Software Development at Zoom. 

Read More - How Zoom Keeps Businesses Secure: A Secure Coding Training Case Study

Security Journey News

Jul 28, 2023

The AppSec Dilemma: Investing in Education Amidst Mass Tech Layoffs

This article was originally published on Solutions Review. From mass redundancies at Big Tech firms like Google, Meta, and Microsoft, to reducing teams in SMEs and small fintech startups, layoffs are impacting thousands of tech and cybersecurity workers. 

Read More - The AppSec Dilemma: Investing in Education Amidst Mass Tech Layoffs

Security Journey News

Jul 28, 2023

White House Cybersecurity Strategy Implementation Plan Released: 65 Mandatory Initiatives, Increased Public-Private Partnerships

This article was originally published on CPO Magazine. The much-anticipated implementation plan for the Biden administration’s National Cybersecurity Strategy was released late last week and a flurry of work in updating and improvement is now expected, particularly at federal civilian agencies that maintain legacy systems.

Read More - White House Cybersecurity Strategy Implementation Plan Released: 65 Mandatory Initiatives, Increased Public-Private Partnerships

Security Journey News

Jul 28, 2023

How Developers Can Work With Generative AI Securely

This article was originally written by John Campbell and published on DZone. Four tips to help the SDLC strike a balance between the improved productivity that generative AI brings and the risks it poses to code security.

Read More - How Developers Can Work With Generative AI Securely

Security Journey News

Jul 28, 2023

Security From the Start Is a Great Aspiration – But How Do We Achieve It?

This article was written by Amy Baker, Security Education Evangelist at Security Journey, for Enterprise Security Tech. In today's digital landscape, the importance of application security cannot be overstated.

Read More - Security From the Start Is a Great Aspiration – But How Do We Achieve It?

Compliance & Regulations

Jul 27, 2023

What You Need To Know About Secure Coding Training for PCI DSS v4.0 Requirements

The latest version of the Payment Card Industry Data Security Standard (PCI DSS), version 4.0, was released in March 2022. Although the requirements won't take effect until 2025, it's crucial to start preparing now. 

Read More - What You Need To Know About Secure Coding Training for PCI DSS v4.0 Requirements

Secure Coding Training

Jul 20, 2023

How to Integrate Role-Based Developer Training into Your AppSec Program

As a security awareness training program administrator, you have a lot on your plate. You're running a robust program, you are working on building a more secure culture across your organization, and now you're being asked to roll out more specific role-based training for security-critical roles such as developers.  

Read More - How to Integrate Role-Based Developer Training into Your AppSec Program

Secure Coding Training

Jul 18, 2023

Input Validation for Secure Coding: Essential Guide in 2026

While input validation may seem like a foundational topic for developers, it serves as the first line of defense against attacks on your system and should be prioritized within your secure coding training program. 

Read More - Input Validation for Secure Coding: Essential Guide in 2026