What came first: security built into your software development lifecycle or security built into the design and implementation of your code?
When we talk about application security, there are two distinct camps emerging — lifecycle security maturity and product security maturity.
Continue reading Securing the bigger picture: Lifecycle security maturity
Every team’s cyber security training journey is unique, and we’re excited to share a new feature that helps you tailor yours to fit just right.
Continue reading Take control of your cyber security training with SafeStack Learning Paths
Welcome to application security. Once you get started, you can’t help but see the problems with software all around you.
So how do you avoid the pit of despair, burnout, and overwhelm?
Continue reading Security, the infinite game, and the pit of despair
If there’s one thing about cyber security marketing that irritates me, it’s the value claims.
I’m thinking of the measures that vendors place on products that are meant to validate the effectiveness or worth of this particular magic box. Whether it’s “stops 93% of vulnerabilities” or “reduces cyber attacks by 75%”, these numbers don’t help in any meaningful way.
Continue reading Leading indicators in application security
Software development friends: we need to talk. Our definition of high-quality software is broken, and it has been for a while. Most likely you knew this already, but we’ve all been busy and who has the time to make things more complex?
There’s a great opportunity here, but first we need to understand what’s not working and why.
Continue reading Should software security be part of quality?
It’s the start of the year again.
The decorations have been packed away, the team has returned from a well-deserved break, and we all share in the traditional New Year’s dream that this year will be quieter. The world never looks more hopeful than it does in January.
In the spirit of capitalizing on this short-lived optimism and starting 2023 with a renewed focus, I’m asking you to join me in making a change this year.
Continue reading Start where you are with software security
There’s a well-accepted truth in application security: the earlier in the software development process you consider cyber security, the more influence you can have on addressing any issues found. I believe the same to be true for when we give our engineering teams access to secure development education.
Continue reading Introducing SafeStack’s Student Sponsorship program for secure development
You probably don’t need us to tell you that new web application security flaws are uncovered every year.
Keeping across all of them goes a long way to preparing you and your systems against abuse, and we’re excited to bring you a Secure Development course designed to help with that: Advanced Finding and Fixing Application Security Vulnerabilities. Plus, some other neat updates about our learning content.
Continue reading Secure development: Advanced Finding and Fixing Application Security Vulnerabilities
Welcome to our first Secure Development course for 2022: Introduction to DevSecOps.
2022 has been an exciting year for us, with new team members, lots of great seminars, and more course offerings out and on their way.
Continue reading Secure development: Introduction to DevSecOps
We need to have an honest conversation. It’s about shifting security left in software development, and why we need to stop doing it.
Continue reading Why we need to stop shifting cyber security left