Announcing our Secure Coding Training Guide
We’ve talked to hundreds of secure coding training administrators over the years, and we’ve seen many approaches to setting up and deploying a secure coding training program. We’ve seen what works...
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Security Journey Unveils Developer Manifesto as the Foundation for a Reimagined Platform in the Age of AI
The manifesto guides a developer-first platform experience with hands-on AI/LLM security training, GitHub-driven risk...
5 Types of Data You Should NEVER Share with AI
Large language models (LLMs) like ChatGPT are powerful tools, but it's crucial to remember that data privacy is paramount.
Read More
Posts by Security Journey/HackEDU Team
AWS Security: Why you should use IAM roles for access control
Nobody appreciates the words "best practice," especially when they have no idea why it is or who said it. The phrase has encroached on the territory formerly occupied by the adage "in my humble...
How Offensive Training Improves Defensive-Only Approaches in Secure Coding Training
Chess is an oft-used analogy for cybersecurity because there are many similarities between the two. At their core, they are games of strategy which pit two adversaries against each other in a bid to...
How to Put the Threat Modeling Manifesto Into Action
If you have not yet seen the Threat Modeling Manifesto, you’re missing out.
Supply Chain Insecurity: Keep Your Eyes on the Road with Ruby on Rails
This article was originally appeared on TechBeacon.com on April 26, 2021. You can access it here.
Application Security and the Zen of Python
What shall we make of the Zen of Python? Is it the epos of the language? A philosophy of computing? There are those days when one wonders whether the Python language itself is an elaborate prank...
What I Learned in Year 5 of MY Security Journey – It's now OUR Journey!
This post was written by Chris Romeo during his tenure at Security Journey.
While the year 2020 is not one we'll soon forget, this was a year of extreme growth for Security Journey.
How Performance Became the Nemesis of the Secure Python Code
A young man once impressed by a serene, wise man asked him, "Why are you never in a hurry?" The wise man pulled out a fish net from his bag and said: "If you choose well the place to cast the net,...
Why Vulnerability List Methodologies Matter (And why we trust CWE & OWASP)
Application security lists help focus on specific weaknesses or vulnerabilities within your system. But, do you understand their approach to ranking? If not, can you really trust them? Some...
Be Afraid of the Ruby on Rails Supply Chain
As the complexity of applications increases, so does your reliance on open source and third-party software libraries. With the compounded usage of open source, an expansion of the attack surface is...
How (and Why) to Teach Developers to Think Like Hackers
Coaches of sports teams would relish the chance to know their opponents' offensive playbook, so that they can prepare the right defensive schemes. Debate experts say you should understand your...
How to Shift Left and Increase Long-Term Efficiency
In software development, issues become more time-consuming and more expensive the longer it takes to find and fix them. Find defects too late in the development cycle, and you could risk a delayed...