How do you Train Developers in Secure SDLC Practices?
As the threat environment grows more serious, applications have become a more vulnerable part of the overall attack surface.
Security Journey Blog
Here you’ll find the latest news, information, and trends in application security and compliance, plus tips and strategies for writing safer code and building a security culture.
Stay Up-to-Date on all Security Journey news and events.
Featured Articles
New Content for Your Most Pressing & Emerging Vulnerabilities: AI/LLM & CWE Top 25
At Security Journey, we continuously evolve our training content to help organizations stay ahead of the most pressing...
5 Types of Data You Should NEVER Share with AI
Large language models (LLMs) like ChatGPT are powerful tools, but it's crucial to remember that data privacy is paramount.
Read More
Learn About ‘Security Culture (6)’
What is a Capture The Flag Event, and How Does It Benefit Developers?
A Capture the Flag event, or CTF for short, is a gamified exercise designed to test cybersecurity skills. The goal of the game, much like in the live-action, outdoor game many of us remember from childhood, is to get the highest score by capturing the most flags.
How Security Champions Help Improve Application Security
Application security is a major concern for many organizations. In 2020, over 23,000 new vulnerabilities were discovered and publicly reported in production applications. On average, a codebase ...
How Secure Coding Training Fits Into The Shift Left Movement
In the past, security was not seen as a priority during the development process. Often, developers would only perform vulnerability scans and security audits as part of the testing phase of the...
How to Put the Threat Modeling Manifesto Into Action
If you have not yet seen the Threat Modeling Manifesto, you’re missing out.
How to Shift Left and Increase Long-Term Efficiency
In software development, issues become more time-consuming and more expensive the longer it takes to find and fix them. Find defects too late in the development cycle, and you could risk a delayed...
DevOps Security Culture: 12 Fails Your Team Can Learn From
This post was written by Chris Romeo during his tenure at Security Journey.
This article was originally appeared on at TechBeacon.com on January 6, 2021. You can access it here.
3 Steps To Overcoming the Shortage in Security Talent (Hint: You Already Have What You Need)
According to the 2019/2020 Official Annual Cybersecurity Jobs Report, an estimated 3.5 million cybersecurity jobs will go unfilled in 2021. While attracting candidates from such a limited talent pool...
6 Ways to Develop a Security Culture From Top to Bottom
With our modern dependence on technology and security, nobody would dare to make this statement. Everyone knows how crucial security is and how it must be embedded into everything an organization does. A simple glance at the news provides details on the data breach of the day tied to an application security vulnerability.
The Carrot and the Stick: Security Rewards and Recognition
How do you incentivize people to participate in your security program? Are you using a carrot or a stick? Security rewards and recognition are crucial for the success of your security belt program.
Three Ways to Empower Remote Threat Modeling
We’re all living in this new world where we’re working from home. The question we pose is, 'How will we make progress on rolling out threat modeling when we can’t meet with people face to face and...
4 Steps to Transforming Developers Into Security People
This post was written by Chris Romeo during his tenure at Security Journey.
Developers are everywhere because software is everywhere. Try to think of an organization that doesn’t employ at least a...