Security Journey Blog

Secure Coding Training Application Security

Dec 26, 2019

Apache Struts 2 Namespace (CVE-2018-11776) Vulnerability

On 22 August 2018, a Semmle security researcher disclosed a critical vulnerability affecting the versions 2.3 to 2.3.34 and 2.5 to 2.5.16 of Apache Struts 2, one of the most used Java-based web application frameworks.

Read More - Apache Struts 2 Namespace (CVE-2018-11776) Vulnerability

Secure Coding Training News and Announcements

Dec 26, 2019

HackEDU Partners with HackerOne to Expand Hacker101 Training

HackerOne, the leading hacker-powered security platform, today announced the expansion of its free online hacker training program, Hacker101 through a partnership with interactive cybersecurity training company HackEDU.

Read More - HackEDU Partners with HackerOne to Expand Hacker101 Training

Secure Coding Training

Dec 26, 2019

Software Developer Accountability

Many of our customers have used other secure development training in the past. One of the biggest complaints we hear is that developers just click through the slides or fast forward the videos and don’t really pay attention.

Read More - Software Developer Accountability

Secure Coding Training News and Announcements

Dec 26, 2019

Public Vulnerability Sandboxes

HackEDU has added a new Public Vulnerabilities offering to enhance the training experience. Public vulnerabilities are sandboxes with vulnerabilities that have been disclosed in popular software products such as Drupal, Struts 2, Wordpress, etc.

Read More - Public Vulnerability Sandboxes

Secure Coding Training News and Announcements

Dec 26, 2019

HackEDU Platform Tutorial

HackEDU provides best in class interactive cybersecurity training for companies looking to train developers to code more securely and for individuals brand new to the field looking to break in. We are passionate about teaching cybersecurity and aim to lower barriers to learn security and give safe and legal environments for exploration.

Read More - HackEDU Platform Tutorial

Secure Coding Training Application Security

Dec 26, 2019

Top 6 Application Security Must Dos with Limited Resources

The vast majority of application security teams are under resourced. The ideal is that application security teams will scale with development teams, but this rarely happens. Given this disadvantage,...

Read More - Top 6 Application Security Must Dos with Limited Resources

Secure Coding Training Application Security

Dec 26, 2019

OWASP Top 10 Mini Series - Command Injection Cheat Sheet

Command injection is similar to SQL injection, but instead of injecting into a SQL query, you are injecting a command into the Operating System. User data can be input to alter the intent of the command that is being executed.

Read More - OWASP Top 10 Mini Series - Command Injection Cheat Sheet

Secure Coding Training Application Security

Dec 26, 2019

OWASP Top 10 Mini Series - SQL Injection

SQL Injection vulnerability allows attackers to alter database queries to take actions other than what the developer intended. This could allow an attacker to bypass authentication, steal data, alter site and database contents, or even destroy your database.

Read More - OWASP Top 10 Mini Series - SQL Injection

Secure Coding Training

Dec 26, 2019

Compare Codebashing vs. HackEDU

Customers often ask us, “What is the difference between Codebashing and HackEDU?”

Read More - Compare Codebashing vs. HackEDU

Secure Coding Training

Dec 26, 2019

Why an Offensive Approach to Security Training is Effective

There is a saying in security that defenders have to be right 100% of the time, but attackers only have to be right once. While this may be an oversimplification, it illustrates that defenders need to understand how attackers think so they can anticipate attacks—the best defenders are those who truly understand the offense.

Read More - Why an Offensive Approach to Security Training is Effective

Secure Coding Training

Dec 26, 2019

How Much Should I Spend on Secure Coding Training?

Customers come to us at Security Journey and ask “How much should I spend on Secure Coding Training?” This is a very good question - we can certainly understand the need to know how much to spend for effective training.

Read More - How Much Should I Spend on Secure Coding Training?

Secure Coding Training

Dec 26, 2019

Secure Development Training Offers Innovative Approach for Fixing Vulnerable Software

30% of data breaches in 2017 took advantage of software vulnerabilities and weaknesses, costing companies on average $3.6 million per security breach. Many companies address security issues by neglecting security training or by adopting defensive-only training approaches.

Read More - Secure Development Training Offers Innovative Approach for Fixing Vulnerable Software