Application Security and the Zen of Python

Dima Kotik
Application Security Engineer

The Zen of Python's source code (`this.py`) is a string scrambled with a Caesar cipher (ROT13) and unscrambled by a one-line comprehension over a letter-translation dictionary. Many programming languages today pay homage to it. Let's apply the Zen of Python to application security.
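As an added illustration of the decoding trick described above (this is not code from the article, nor CPython's own `this.py`; it is a fresh implementation of the same ROT13 mechanism), the block below builds the letter-translation dictionary, applies the shift with a single comprehension, and decodes one line of the Zen that was ROT13-encoded by hand for this example. Because a shift of 13 is its own inverse over a 26-letter alphabet, the same function scrambles and unscrambles, which is also why a Caesar cipher is obfuscation rather than confidentiality:

```python
import string


def build_rot13_table() -> dict:
    """Map every ASCII letter to the letter 13 places further on, wrapping at the
    end of the alphabet. Non-letters are deliberately absent so they pass through."""
    table = {}
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase):
        for i, ch in enumerate(alphabet):
            table[ch] = alphabet[(i + 13) % 26]
    return table


ROT13 = build_rot13_table()


def rot13(text: str) -> str:
    """Caesar shift by 13 via a one-line comprehension over the translation dict.
    Characters not in the dict (digits, punctuation, whitespace) are kept as-is.
    Since 13 + 13 == 26, rot13(rot13(x)) == x: decoding is the same operation."""
    return "".join(ROT13.get(c, c) for c in text)


# One line of the Zen, ROT13-encoded by hand for this example (assumption: the
# real this.py stores the whole poem this way; only this line is reproduced here).
SCRAMBLED_LINE = "Rkcyvpvg vf orggre guna vzcyvpvg."


def decode_sample() -> str:
    """Return the readable Zen line recovered from SCRAMBLED_LINE."""
    return rot13(SCRAMBLED_LINE)


if __name__ == "__main__":
    print(decode_sample())
```

The translation dictionary contains only letters, so `dict.get(c, c)` is what makes punctuation and spacing survive the shift; that is the same reason the cipher leaks word lengths and structure, and why it should never be mistaken for encryption.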

How to put the Threat Modeling Manifesto into action

Chris Romeo
CEO & Co-Founder

The Manifesto defines threat modeling as analyzing representations of a system to highlight security and privacy characteristics. Threat modeling is that, and much more. Threat modeling educates developers and testers about security from a different perspective than the OWASP Top 10 or an attacker-centric view.

Supply chain insecurity: Keep your eyes on the road with Ruby on Rails

Michael Burch
Application Security Engineer

The software supply chain has received more attention than usual in recent months, as companies have disclosed incidents resulting from flawed approaches to protecting the integrity of the software they ship. The software supply chain is weakly held together, and most people have no idea just how fragile it is.

How Performance Became the Nemesis of the Secure Python Code

Dima Kotik
Application Security Engineer

Nothing forecasts the future of a programming language better than the epos of its community. For Python, one word dominates the discussions of the past few years: performance.

Why Vulnerability List Methodologies Matter (And why we trust CWE & OWASP)

Hannah Boothe
Application Security Engineer

Application security lists, like the CWE Top 25 and OWASP Top 10, help you focus on specific weaknesses or vulnerabilities within your system. But do you understand how they rank their entries? If not, can you really trust them? Some ranking methodologies bias one aspect of security over another, and some break down when a vulnerability's details are only partially known.

Be afraid of the Ruby on Rails Supply Chain

Michael Burch
Application Security Engineer

As the complexity of applications increases, so does your reliance on open source and third-party libraries. With that compounded use of open source comes an expanding attack surface, as recent high-profile attacks on the software supply chain make evident. These attacks threaten organizations indirectly, by compromising the third-party vendors that provide you with software. Can you vouch for the security state of every library in your Rails applications?

What I Learned in Year 5 of MY Security Journey – It's now OUR Journey!

Chris Romeo
CEO & Co-Founder

While the year 2020 is not one we'll soon forget, this was a year of extreme growth for Security Journey. It's incredible what a team can achieve with passion and an innovative, security culture-changing product. Here are 8 key growth lessons I learned over the past year.
