Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.

Featured Articles

A New Way to Train on OWASP Top 10: The Diligent Developer Chronicles

Security Journey accelerated secure coding training platform enhancements to drive development team engagement and application security knowledge gain
Measuring the ROI of AppSec Training [INFOGRAPHIC]
Security Journey provides engaging and effective AppSec training to developers and all members of the SDLC. This infographic breaks down the ROI of AppSec training for an organization with the calculations.
Benefits of Progressive Learning Paths for AppSec Education
Learning is a lifelong journey, no matter your age, and when educational content is built with learning science principles in mind, learning can also be effective.
How Code Scanning Tools Are Letting You Down
Secure Code Training vs. Code Scanning Tools
Is Secure Coding Training a Better Investment Than Code Scanning Tools for Reducing Application Vulnerabilities?
Adopting Long Lasting AppSec Habits For 2023
The new year is traditionally a time to make resolutions and form good habits. It’s an opportunity that many of us take in both our professional and personal lives to adopt better practices and...
The GitHub Supply Chain Threat: What You Need to Know Today
If you’re a GitHub developer that relies on open source repositories in your code (that would be everyone), Tuesday night’s Tweet storm started by Stephen Lacy no doubt caught your attention.
Learning How to Reduce Injection Vulnerabilities Risk in Minutes
Last week, we released our Secure Coding Report: Injection Vulnerabilities, which identifies that training software developers on how to best protect against one of the most critical exploits on the...
Bridges fall down due to insecure design – make sure your web applications don’t
When it comes to the people designing the bridges I drive across, I want them to use blueprints. I want them to run their design through programs to calculate the exact weight the bridge can hold...
Why is Server-Side Request Forgery #10 in OWASP Top 10 2021?
The new #10 on the OWASP Top 10 2021 list is Server-Side Request Forgery (SSRF).
OWASP Top 10 2021: 7 Action Items for App Sec Teams
This post was written by Chris Romeo during his tenure at Security Journey. This article originally appeared on TechBeacon.com on October 11, 2021. You can access it here.