Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.

Featured Articles

Security Journey Announces Unified Education Platform for Enhanced AppSec Training

How to Measure the ROI of Application Security Training
Is Secure Coding Training a Better Investment Than Code Scanning Tools for Reducing Application Vulnerabilities?
Adopting Long Lasting AppSec Habits For 2023
The new year is traditionally a time to make resolutions and form good habits. It’s an opportunity that many of us take in both our professional and personal lives to adopt better practices and...
The GitHub Supply Chain Threat: What You Need to Know Today
If you’re a GitHub developer who relies on open source repositories in your code (that would be everyone), Tuesday night’s Tweet storm started by Stephen Lacy no doubt caught your attention.
Learning How to Reduce Injection Vulnerabilities Risk in Minutes
Last week, we released our Secure Coding Report: Injection Vulnerabilities, which identifies that training software developers on how to best protect against one of the most critical exploits on the...
Bridges fall down due to insecure design – make sure your web applications don’t
When it comes to the people designing the bridges I drive across, I want them to use blueprints. I want them to run their design through programs to calculate the exact weight the bridge can hold...
Why is Server-Side Request Forgery #10 in OWASP Top 10 2021?
The new #10 on the OWASP Top 10 2021 list is Server-Side Request Forgery (SSRF).
OWASP Top 10 2021: 7 Action Items for App Sec Teams
This article originally appeared on TechBeacon.com on October 11, 2021. You can access it here.
Making Sense of OWASP A08:2021 – Software & Data Integrity Failures
The new OWASP 2021 Top Ten list includes new categories. This time around, the list item number A08, Software and Data Integrity Failures, offers insight into the changing nature of application security...
A Developer's Guide to Attacker Motivation in the Supply Chain
This article originally appeared on TechBeacon.com on August 16, 2021. You can access it here.
Why Cybersecurity Pros Need to Learn How to Code
This article originally appeared on TechBeacon.com on July 6, 2021. You can access it here.
TypeScript Doesn't Suck; You Just Don't Care About Security
The introduction of TypeScript elicited a divided reaction from the JavaScript community. Some liked the new superset, which added static and strong typing. Many hate it with a burning passion from...