Post listing page

Technical

Why is Server-Side Request Forgery #10 in OWASP Top 10 2021?

The new #10 on the OWASP Top 10 2021 list is Server-Side Request Forgery (SSRF). We find this interesting – and worth diving into – especially given the broad categories that make...

Technical

OWASP Top 10 2021: 7 action items for app sec teams

This article originally appeared on TechBeacon.com on October 11, 2021. You can access it here. In the world of application security, the OWASP Top 10 2021 is the most famous—or...

DevSecOps Secure SDLC Shift Left

How do you Train Developers in Secure SDLC Practices?

As the threat environment grows more serious, applications have become a more vulnerable part of the overall attack surface. To mitigate application-level risk exposure, it is necessary...

Technical

Making sense of OWASP A08:2021 – Software & Data Integrity Failures

The new OWASP 2021 Top Ten list includes new categories. This time around, the list item number A08, Software and Data Integrity Failures, offers insight into the changing nature of...

OWASP Top 10 2021 List - What’s New and What Should You Do to Respond?

As you may already know, the OWASP Top 10 is an awareness document that helps developers learn about common software security issues and the corresponding remediations. Many compliance...

software security Secure SDLC

How do you Practice Secure Coding?

Developers are the foundation of an organization’s digital strategy, building the products and services that drive revenue and help their company to operate more efficiently....

HackEDU Announcement

We Made Some Major Improvements To Our Training

We constantly strive to improve our secure coding training platform, and as part of that effort, we pay close attention to the feedback that everyone who uses our product provides us....

software security Secure SDLC

What is the S-SDLC or Secure SDLC?

There was a point in time when the only thing that mattered when it came to software development was that functional software was deployed in the stipulated time. There wasn't much...

Technical

A developer's guide to attacker motivation in the supply chain

This article originally appeared on TechBeacon.com on August 16, 2021. You can access it here. Face it. Your software supply chain is under attack. You'd have to be hiding under a rock...

DevSecOps threat modeling

What is Threat Modeling? (practical guide + threat modeling template)

Note: You can use our free Threat Modeling template to make it easier to follow along. Simply make a copy or download the template, which is located on Google Drive. Introduction Threat...
