Security Journey Blog

Application Security Security Journey News

Nov 23, 2022

[Reversing Labs] GitHub Repojacking Attack: 10 Lessons for Software Teams

This article was written by John P. Mello Jr. for Reversing Labs. Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

Read More - [Reversing Labs] GitHub Repojacking Attack: 10 Lessons for Software Teams

Compliance & Regulations

Nov 21, 2022

Your Guide to Developer Training Requirements in AppSec Compliance

Organizations that develop software know that application security is a top priority. Safeguarding customer data is critical. There are many rules, regulations, and frameworks in place to protect...

Read More - Your Guide to Developer Training Requirements in AppSec Compliance

Application Security

Nov 3, 2022

Filling the Application Security Education Gap

While we’ve seen promising steps in the right direction when it comes to application security, there is still a significant gap in secure coding knowledge across the entire software development...

Read More - Filling the Application Security Education Gap

Application Security

Nov 2, 2022

Learning Swing: Measuring Knowledge Gain in Secure Coding Training Programs

A measurable increase in a learner’s knowledge after completing training is an essential component to any successful education program. Measurable knowledge gain is one way to prove your program’s effectiveness and value. 

Read More - Learning Swing: Measuring Knowledge Gain in Secure Coding Training Programs

Security Culture Security Journey News

Oct 31, 2022

[Dark Reading] Does Security Have to Get Worse Before It Gets Better?

This article was written by Amy Baker for Dark Reading. How to solve the software vulnerability problem across the entire SDLC.

Read More - [Dark Reading] Does Security Have to Get Worse Before It Gets Better?

Security Culture Security Journey News

Oct 25, 2022

[Dark Reading] Security Leaders are Calling for Industry to Take Action and Programmatically Improve Secure Coding Education

This article was posted on Dark Reading. Currently, none of the top 50 undergraduate computer science programs in the U.S. require a course in code or application security.

Read More - [Dark Reading] Security Leaders are Calling for Industry to Take Action and Programmatically Improve Secure Coding Education

Application Security

Oct 7, 2022

Beyond Security Awareness: Safer Apps through Education

The past decade has seen security awareness go from a new concept to a security strategy embedded in most organizations.  Several regulations recommend security training but do so in very broad terms.

Read More - Beyond Security Awareness: Safer Apps through Education

Secure Coding Training

Sep 21, 2022

Three New Lessons to Improve Password Security

Keeping user passwords secure should be a top priority for every system administrator. Stolen login credentials are one of the easiest and most common ways for cybercriminals to gain entry to systems...

Read More - Three New Lessons to Improve Password Security

Compliance & Regulations Security Journey News

Sep 16, 2022

[Security Week] Industry Reactions to Govt Requiring Security Guarantees From Software Vendors

This article was written by Eduard Kovacs for Security Week. The White House has announced new guidance with the aim of ensuring that federal agencies only use secure software.

Read More - [Security Week] Industry Reactions to Govt Requiring Security Guarantees From Software Vendors

Secure Coding Training

Sep 15, 2022

Improve Your Rust Code Security Today

Rust is an extremely popular programming language, claiming the title of most loved language for seven years in a row in the annual Stack Overflow Developer Survey.  

Read More - Improve Your Rust Code Security Today

OWASP

Sep 13, 2022

Beyond the OWASP Top 10 for Companies Subject to PCI Compliance

Many customers don’t want their developers to merely retake the same material year after year. They want substantive training to enhance knowledge and skills. And, of course, many customers must provide secure coding training that fulfills PCI Requirement 6.5.

Read More - Beyond the OWASP Top 10 for Companies Subject to PCI Compliance

Security Culture Security Journey News

Sep 2, 2022

[Dark Reading] Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds

This article was originally posted on Dark Reading. The US government and the Open Source Security Foundation have released guidance to shore up software supply chain security, and now it's up to developers to act.

Read More - [Dark Reading] Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds