Skip to content

Security Journey AppSec Resources

Expertly crafted content to help you run an effective security training program for everyone in your SDLC.

Download Our Overview Brochure

Filters

resource_library_6questions_ebook

6 Questions You Should Be Asking About Product Security

This guide offers essential insights and actionable steps to enhance your organization's software security. It addresses key questions about secure coding practices and fosters a security-conscious culture.

Learn More
resource_library_securecodestudy_ebook

A Study on Secure Coding Training

This study aims to understand the state of secure coding training and provide insights into how organizations are attempting to improve software security in the face of increasing regulatory pressure.

Learn More
resource_library_zoom_casestudy

Zoom Selects Security Journey to Drive Application Security Excellence

Discover how Zoom transformed their application security training with Security Journey.

Learn More
resource_library_thumbnails_webinars25

Webinars

Security Journey offers robust application security education tools to help developers and the entire SDLC team recognize and understand vulnerabilities and threats and proactively mitigate these risks. The knowledge learners acquire in our programs goes beyond helping learners code more securely – it turns everyone in the SDLC into security champions. 

Learn more
resource_library_ai_fieldguide

Tactical AppSec: An AI Security Field Guide

Tactical AppSec: An AI Security Field Guide is a hands-on guide built for real leaders. You’ll cut through the noise, uncover where AI is showing up, and put practical governance in place, fast. Whether you're flying solo or driving org-wide strategy, this is your battle plan to lead with confidence and keep innovation secure.

Learn More
resource_library_sevensteps_ebook

Seven Steps to an Ideal Secure Coding Training Program

This guide shares practical strategies and actionable steps for planning, implementing, and maintaining an effective secure coding training program.

Learn More
resource_library_educationvawareness_ebook

Cybersecurity Education vs. Awareness

Data breaches and application attacks have severe consequences. Human involvement is critical for secure code release, alongside tools and automation.

Learn more
resource_library_RG3_podcast

Roger Grimes - Quantum Security

Roger A. Grimes, Data-Driven Defense Evangelist for KnowBe4, Inc., is the author of 15 books and over 1500 articles. He specializes in host security and preventing hacker and malware attacks.

Listen Here
resource_library_soc2_casestudy

Leading Visitor Management Solution Meets PCI Secure Coding Training Compliance

Learn how this Leading Visitor Management Solution used Security Journey's solution to save time on SOC2 Compliance reporting and to get their developers more engaged with their application security.

Learn More
resource_library_fintech_casestudy

How a Fintech Streamlined PCI DSS Requirement 6.5 and Increased Developer Engagement

Learn how this organization streamlined their PCI DSS requirements while engaging developers.

Learn More
resource_library_DL03_podcast

Dustin Lehr - Code, Culture, and Community

Dustin Lehr joined Security Journey as Director of Application Security Advocacy. With nearly two decades of experience as a software engineer, application architect, and cybersecurity leader, Dustin has ample expertise in the industry.

Listen Here
resource_library_6Steps_ebook

Six Steps to Meet Compliance and Shift Your Culture

This paper examines the implications of PCI DSS 4.0 for development teams and outlines six actionable steps for organizations to ensure compliance.

Learn more
resource_library_codeconquer_webinar

Code or Be Conquered: Preparing Developers for Cyber Threats in the Age of AI

This SC Media panelcast, sponsored by Security Journey, brings together secure development experts and AppSec leaders to explore what it takes to embed lasting, secure coding behaviors across the software lifecycle.

Watch Here
resource_library_threatmodel_ebook

Threat Modeling Worksheet

You can use the STRIDE model to identify potential threats to your product and the DREAD model to prioritize them.

Learn More
resource_library_DK3_podcast

David Kosorok - Mastering Application Security

David Kosorok, the Director of Information Security Programs at Toast, Inc., has over 25 years of experience in software and security testing, including more than 16 years dedicated to security.

Listen Here
resource_library_ema_ebook

Secure Coding Practices – Growing Success or Zero-Day Epidemic?

EMA surveyed 129 professionals across multiple industry verticals, seeking to understand how organizations are tackling the difficult challenge of developing secure software applications.
Learn More
resource_library_evaluate_checklist

Checklist for Evaluating Secure Coding Training Platforms

There are several secure coding training platforms available, each with unique philosophical and design foundations.

Learn More
resource_library_code-crumbles_webinar

How the Code Crumbles: AI Disruption, Security Gaps, and What Comes Next

Mike Burch, Director of Application Security at Security Journey, will go beyond the technical details to uncover the policy blind spots, strategic vulnerabilities, and governance challenges introduced by AI at scale, especially when it comes to software development.

Watch Here
resource_library_AB3_podcast

Adam Bruehl - Secure Code in Medicine

Adam Bruehl, a Senior DevOps Engineer at Security Journey, has a unique blend of expertise ranging from biology to technology.

Listen Here
resource_library_dev-vs-sec_webinar

Development vs. Security: Make It Stop

This discussion embraces the needs of both the development and security teams to help everyone reach the combined goal of quality, secure software while still hitting your speed-to-market goals with new features.

Watch Here
resource_library_securingai_webinar

Securing AI: Insights from the Frontlines of Application Security

Join Security Journey’s expert content team for an insightful discussion on AI security and the evolving landscape of AI threats, guided by the latest OWASP AI Top 10 list.

Watch Here
resource_library_SecureCodingInjection_ebook

Secure Coding Report: Injection Vulnerabilities

Derek Brink, VP and Research Fellow at Aberdeen Strategy and Research analyzed 140k HackEDU Hands-on exercises for training software developers to identify and fix Injection vulnerabilities.

Learn More
resource_library_tacapp_fieldguide

Tactical AppSec: Champions Field Guide

Tactical AppSec: A Champions' Field Guide is your hands-on playbook, crafted specifically for developers and champions like you—those who write, review, deploy, and secure code. It’s designed to meet you where you are, helping you tackle real-world security challenges with practical, actionable solutions.

Learn More
resource_library_pci_casestudy

Company Meets PCI Secure Coding Training Compliance

Find out how this organization improved fixing vulnerabilities from 14% to 81%.

Learn More
resource_library_marketingautomation_casestudy

A Leading Marketing Automation Company Takes Secure Coding Best Practice To Another Level

You can learn about secure coding practices from this company's training playbook.

Learn More
resource_library_ME3_podcast

Michael Erquitt - The AI Threat Landscape

Michael Erquitt is a Senior Security Engineer at Security Journey who develops educational content for all of our learners.

Listen Here
resource_library_valueseced_webinars25

The Value of Security Education for Developers

In this video, Amy Baker discusses the importance of security education in solving this application security issue.

Watch Here
resource_library_threatmodel_webinar

Threat Modeling in Action

Chris Romeo, the AppSec Expert and co-author of the Threat Modeling Manifesto, recently hosted a discussion on the benefits of threat modeling, including a live demo of the process.

Watch Here
resource_library_study_webinar

2024 Study on How Secure Coding Training Impacts Regulatory Compliance

Study, conducted by the Ponemon Institute and sponsored and published by Security Journey, aimed to understand the state of secure coding training.

Watch Here
resource_library_code-to-culture_webinar

From Code to Culture: Driving Developer Engagement in Security Initiatives

Join us for this insightful webinar as we explore how to go beyond static security policies and tools to create a developer-centric security culture that embeds secure practices into everyday workflows.

Watch Here
resource_library_supply-chain_webinar

Software Supply Chain Security AppSec Webinar

This webinar will provide a deep dive into modern approaches, best
practices, and essential resources to safeguard your software supply chain from end to end.

Watch Here
resource_library_PCI_webinar

Are Your Developers Ready For PCI-DSS 4.0?

By leveraging Security Journey's training platform, organizations can drive PCI training success by providing highly effective, engaging, and customizable training programs that enable employees to learn and apply the best practices for securing payment card information.

Watch Here
resource_library_closingthegap_ebook

Closing the Security Gap in AI

Discover how AI is changing secure coding and what developers can do to keep up. Download the report to learn from AppSec and AI experts.

Learn More
AppSec Redefined: A New Way Forward Webinar

AppSec Redefined: A New Way Forward

Director of Application Security Mike Burch explores how thecapplication security industry has been failing and how adopting a few core concepts can help shape a new way forward.

Watch Here
How Are You Solving The Developer Security Knowledge Gap? Webinar

How Are You Solving The Developer Security Knowledge Gap?

In this webinar, we will discuss why code
security is important and how to implement security into your software development life cycle.

Watch Here
Top 10 Biggest Security Threats to Your Products Webinar

Top 10 Biggest Security Threats to Your Products

Mike Burch, Director of Application Security at Security Journey, and his team took the time to evaluate these lists and compile what we believe is a list to rule them all – the top 10 biggest threats to our products across the different technologies.

Watch Here
Measuring the ROI of Secure Coding Training

Measuring the ROI of Secure Coding Training

In this video, Amy Baker from Security Journey will review the business impact of an application security risk, the cost of secure coding training, and show how you can calculate the ROI of secure coding training.

Watch Here
_resource_library_Playbook_webinar

Secure AI Systems: A Playbook for Strategic Defense

In this session, Mike Burch, Director of Application Security at Security Journey, went beyond the hype to uncover what truly made AI different and why traditional security approaches fell short.

Watch Here
resource_library_leader_fieldguide

Tactical Appsec: A Security Champion Leader's Guide

Tactical Appsec: A Security Champion Leader's Guide is a hands-on guide to discovering how to scale application security through people, not just tools. Download this practical guide for Security Champion program leaders and start embedding security across your organization today.

Learn More