Application Security and the Zen of Python

Dima Kotik
Application Security Engineer

The Zen of Python's source code is a string scrambled with Caesar’s cipher returned from a one-line iterator over an ASCII dictionary. Many coding languages today pay homage to it. Let's apply the Zen of Python to application security.

Read Story

How Performance Became the Nemesis of the Secure Python Code

Dima Kotik
Application Security Engineer

Nothing forecasts the future of a programming language better than the epos of its community. For Python, one word dominates the discussions of the past few years: performance.

Read Story

Why Vulnerability List Methodologies Matter (And why we trust CWE & OWASP)

Hannah Boothe
Application Security Engineer

Application security lists, like the CWE Top 25 and Owasp Top 10, help focus on specific weaknesses or vulnerabilities within your system. But, do you understand their approach to ranking? If not, can you really trust them? Some vulnerability list ranking methodologies bias one aspect of security over another, and some may not work with partially unknown vulnerabilities. 

Read Story

Be afraid of the Ruby on Rails Supply Chain

Michael Burch
Application Security Engineer

As the complexity of applications increases, so does your reliance on open source and third-party software libraries. With the compounded usage of open source, an expansion of the attack surface is underway. The increased threat is evident in recent high-profile attacks targeting the software supply chain. These types of attacks threaten organizations indirectly by targeting third-party vendors that provide you with software. Can you vouch for the security state of every library in your Rails applications? 

Read Story

What I Learned in Year 5 of MY Security Journey – It's now OUR Journey!

Chris Romeo
CEO & Co-Founder

While the year 2020 is not one we'll soon forget, this was a year of extreme growth for SecurityJourney. It's incredible what a team can achieve with passion and an innovative, security culture-changing product. Here are a 8 key growth lessons I learned over the past year.

Read Story

DevOps security culture: 12 fails your team can learn from

Chris Romeo
CEO & Co-Founder

Will DevOps and DevSecOps still be relevant in 50 years? Today's DevOps technology will be long gone, but some cultural pieces may still be around. My best guess on the part of DevOps that will still exist: DevOps security culture.

Read Story

6 ways to develop a security culture from top to bottom

Chris Romeo
CEO & Co-Founder

Of course, every organization has a security culture. If they say they don’t, they are either lying or afraid to admit they have a bad security culture. The good news is that any security culture can positively change how the organization approaches security. But culture change takes time, so don’t expect your members of your organization to overnight become pen-testing Ninjas that write secure code while they sleep. With the right process and attitude, you’ll get there.

Read Story
Need more information about Security Journey? Get in touch.

Ready to start your journey?

Book A Demo