Common Federated Identity Protocols: OpenID Connect vs OAuth vs SAML 2
When it comes to federated identity there are three major protocols used by companies: OAuth 2, OpenID Connect, and SAML.
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
Security Journey Unveils Developer Manifesto as the Foundation for a Reimagined Platform in the Age of AI
The manifesto guides a developer-first platform experience with hands-on AI/LLM security training, GitHub-driven risk...
5 Types of Data You Should NEVER Share with AI
Large language models (LLMs) like ChatGPT are powerful tools, but it's crucial to remember that data privacy is paramount.
Read More
Learn About ‘Secure Coding Training (13)’
Drupalgeddon2 (CVE-2018-7600) Vulnerability
Drupal is the second most popular Content Management System (CMS) in the world. According to BuiltWith, more than 637,360 websites currently use Drupal.
Apache Struts 2 Namespace (CVE-2018-11776) Vulnerability
On 22 August 2018, a Semmle security researcher disclosed a critical vulnerability affecting the versions
2.3 to 2.3.34 and 2.5 to 2.5.16 of Apache Struts 2, one of the most used Java-based web application frameworks.
HackEDU Partners with HackerOne to Expand Hacker101 Training
Software Developer Accountability
Many of our customers have used other secure development training in the past. One of the biggest complaints we hear is that developers just click through the slides or fast forward the videos and don’t really pay attention.
Public Vulnerability Sandboxes
HackEDU has added a new Public Vulnerabilities offering to enhance the training experience. Public vulnerabilities are sandboxes with vulnerabilities that have been disclosed in popular software products such as Drupal, Struts 2, Wordpress, etc.
Top 6 Application Security Must Dos with Limited Resources
The vast majority of application security teams are under resourced. The ideal is that application security teams will scale with development teams, but this rarely happens. Given this disadvantage,...
OWASP Top 10 Mini Series - Command Injection Cheat Sheet
Command injection is similar to SQL injection, but instead of injecting into a SQL query, you are injecting a command into the Operating System. User data can be input to alter the intent of the command that is being executed.
OWASP Top 10 Mini Series - SQL Injection
SQL Injection vulnerability allows attackers to alter database queries to take actions other than what the developer intended. This could allow an attacker to bypass authentication, steal data, alter site and database contents, or even destroy your database.
Compare Codebashing vs. HackEDU
Customers often ask us, “What is the difference between Codebashing and HackEDU?”
Why an Offensive Approach to Security Training is Effective
There is a saying in security that defenders have to be right 100% of the time, but attackers only have to be right once. While this may be an oversimplification, it illustrates that defenders need to understand how attackers think so they can anticipate attacks—the best defenders are those who truly understand the offense.
How Much Should I Spend on Secure Coding Training?
Customers come to us at Security Journey and ask “How much should I spend on Secure Coding Training?” This is a very good question - we can certainly understand the need to know how much to spend for effective training.