PCI Secure Software Lifecycle (Secure SLC)
Ever since its formation in 2006, the PCI Security Standards Council (PCI SSC) has worked to improve the security of payment solutions and protect merchants against the latest security threats. In...
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
5 Types of Data You Should NEVER Share with AI
Large language models (LLMs) like ChatGPT are powerful tools, but it's crucial to remember that data privacy is paramount.
Read More
How to Go Beyond PCI Compliance to Secure Your Organization: Requirements 8-12
The State of DevSecOps: 5 Best Practices From the Front Lines
This post was written by Chris Romeo during his tenure at Security Journey.
Ladies and gentlemen, citizens of the Internet, could this be the year when DevSecOps finally catches on everywhere?
How to Go Beyond PCI Compliance to Secure Your Organization: Requirements 4-7
In the second installment in this series, we introduced how payment processing works and explained the first three PCI requirements. In this post we will explore the next four PCI DSS requirements,...
How to Go Beyond PCI Compliance to Secure Your Organization: Requirements 1-3
In the first post of this series, we discussed the Payment Card Industry Data Security Standard (PCI DSS), why it is important, and what the consequences are of being non-compliant. We also explained...
How to Go Beyond PCI Compliance Requirements to Secure Your Organization: Introduction
In 2000, the number of websites skyrocketed to 17 million, with more than 400 million internet users. Shortly after, a growing number of online stores came online, eager to capitalize on the...
Same-Origin Policy And Cross-Origin Resource Sharing (CORS)
Modern web browsers provide many built-in security mechanisms to defend against attackers.
Secure Software Development Defined
Software development follows what is called a Software Development Lifecycle, or S D L C. It is a process used for developing software.
Why You Need a Vulnerability Disclosure Response Plan & How to Develop One
Most companies have an Incident Response Plan these days.
Common Federated Identity Protocols: OpenID Connect vs OAuth vs SAML 2
When it comes to federated identity there are three major protocols used by companies: OAuth 2, OpenID Connect, and SAML.
DevSecOps Best Practices
You’ve decided to integrate DevSecOps into your software development operations. That’s an important first step to improving your product’s overall security by including it into the development...
What Is DevSecOps?
DevOps, that combination of software development and IT operations, is designed to improve the development life cycle, getting software to market quicker and improve overall deployment.