Topic: Technical

Technical

The GitHub Supply Chain Threat: What You Need to Know Today

If you’re a GitHub developer who relies on open source repositories in your code (that would be everyone), Tuesday night’s Tweet storm started by Stephen Lacy no doubt caught your...

Technical

Bridges fall down due to insecure design – make sure your web applications don’t

When it comes to the people designing the bridges I drive across, I want them to use blueprints. I want them to run their design through programs to calculate the exact weight the bridge...

Technical

Why is Server-Side Request Forgery #10 in OWASP Top 10 2021?

The new #10 on the OWASP Top 10 2021 list is Server-Side Request Forgery (SSRF). We find this interesting – and worth diving into – especially given the broad categories that make...

Technical

OWASP Top 10 2021: 7 action items for app sec teams

This article originally appeared on TechBeacon.com on October 11, 2021. You can access it here. In the world of application security, the OWASP Top 10 2021 is the most famous—or...

Technical

Making sense of OWASP A08:2021 – Software & Data Integrity Failures

The new OWASP 2021 Top Ten list includes new categories. This time around, list item A08, Software and Data Integrity Failures, offers insight into the changing nature of...

Technical

A developer's guide to attacker motivation in the supply chain

This article originally appeared on TechBeacon.com on August 16, 2021. You can access it here. Face it. Your software supply chain is under attack. You'd have to be hiding under a rock...

Technical

Why cybersecurity pros need to learn how to code

This article originally appeared on TechBeacon.com on July 6, 2021. You can access it here. There is an age-old debate in security: Should cybersecurity professionals know how to...

Technical

TypeScript Doesn't Suck; You Just Don't Care About Security

The introduction of TypeScript elicited a divided reaction from the JavaScript community. Some liked the new superset, which added static and strong typing. Many hate it with a burning...

Technical

AWS Security: Why you should use IAM roles for access control

Nobody appreciates the words "best practice," especially when they have no idea why it is or who said it. The phrase has encroached on the territory formerly occupied by the adage "in my...

Technical

Supply chain insecurity: Keep your eyes on the road with Ruby on Rails

This article originally appeared on TechBeacon.com on April 26, 2021. You can access it here. The software supply chain has gotten more attention than usual in the past months, as...
