Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.

Featured Articles

Developer-Tailored Secure Code Training: A New Approach from Security Journey
Security training for developers has traditionally been a one-size-fits-all experience—generic, compliance-driven, and...

New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
Learn About ‘Secure Coding Training (11)’
Software Developer Accountability
Many of our customers have used other secure development training in the past. One of the biggest complaints we hear is that developers just click through the slides or fast forward the videos and don’t really pay attention.
Public Vulnerability Sandboxes
HackEDU has added a new Public Vulnerabilities offering to enhance the training experience. Public vulnerabilities are sandboxes containing vulnerabilities that have been disclosed in popular software products such as Drupal, Struts 2, WordPress, etc.
HackEDU Platform Tutorial
HackEDU provides best-in-class interactive cybersecurity training for companies looking to train developers to code more securely and for individuals brand new to the field looking to break in. We are passionate about teaching cybersecurity and aim to lower the barriers to learning security and to provide safe and legal environments for exploration.
Top 6 Application Security Must Dos with Limited Resources
The vast majority of application security teams are under-resourced. The ideal is that application security teams will scale with development teams, but this rarely happens. Given this disadvantage,...
OWASP Top 10 Mini Series - Command Injection Cheat Sheet
Command injection is similar to SQL injection, but instead of injecting into a SQL query, you are injecting a command into the Operating System. User data can be input to alter the intent of the command that is being executed.
OWASP Top 10 Mini Series - SQL Injection
SQL Injection vulnerability allows attackers to alter database queries to take actions other than what the developer intended. This could allow an attacker to bypass authentication, steal data, alter site and database contents, or even destroy your database.
Compare Codebashing vs. HackEDU
Customers often ask us, “What is the difference between Codebashing and HackEDU?”
Why an Offensive Approach to Security Training is Effective
There is a saying in security that defenders have to be right 100% of the time, but attackers only have to be right once. While this may be an oversimplification, it illustrates that defenders need to understand how attackers think so they can anticipate attacks—the best defenders are those who truly understand the offense.
How Much Should I Spend on Secure Coding Training?
Customers come to us at Security Journey and ask “How much should I spend on Secure Coding Training?” This is a very good question - we can certainly understand the need to know how much to spend for effective training.
Secure Development Training Offers Innovative Approach for Fixing Vulnerable Software
30% of data breaches in 2017 took advantage of software vulnerabilities and weaknesses, costing companies on average $3.6 million per security breach. Many companies address security issues by neglecting security training or by adopting defensive-only training approaches.