When searching through the security headlines, many businesses and IT leaders realize the importance of keeping their systems safe. They know that training software developers is a key part of preventing the kinds of attacks and breaches that make the headlines. Customer data and company revenue are at stake. However, training software developers can be a challenge in itself. How frequently do… READ MORE ›

What is the purpose of sending your children to school? Apart from compliance with truancy laws, you want your children to learn what is required to become productive members of society. Challenges will come up in this process. It’s how you meet these challenges that have a large impact on the end result when your child graduates. What do you think is the best way for parents to help children… READ MORE ›

Is training ever truly complete? When can you say you’re finished training? In colonial times and into the 19th century, apprenticeships were common. In the 20th century, and into the 21st, training has changed quite a bit due to computers becoming mainstream and corporations becoming the main employer of people. Training is undergoing another metamorphosis right now. This change, which will… READ MORE ›

Compliance is about measurement. You measure your effectiveness against a standard so you can later present those measurements to a third party as proof of your compliance. One common measurement for companies requiring PCI compliance is security training. PCI Requirement states that companies holding cardholder data must train their developers at least once a year on application security… READ MORE ›

You’re not likely to find a web application that doesn’t use a sophisticated front-end framework like Angular. One of the selling points of front-end frameworks like Angular has been their best effort to prevent Cross-site Scripting (XSS) by escaping characters that could be interpreted as code. These efforts are commendable since XSS has been a major problem in web applications for quite some… READ MORE ›

PCI-compliant organizations have much to protect. The dangers of an attack on financial data are real and costly (especially if you serve large amounts of customers). Remaining PCI-compliant is a good first step to making sure your sensitive data is safe. One requirement of PCI is regular security training for your developers, at least once per year. Training has to be up to date, and you have… READ MORE ›

The software development life cycle (SDLC) is a common sight for those who work on software projects. Whether you’re a developer or a security engineer or even a project manager or QA tester, you know all of the pieces by heart.   You begin by creating requirements so you know what the software should do. Then you develop the software, test it to make sure it meets the requirements, then deploy… READ MORE ›

Improper access control is a basic web application vulnerability that still leads to compromises. Small oversights or simply not thinking things through can lead to big problems, such as account takeover or sensitive data being stolen. Let’s take a look at what improper access control looks like in a Django application. If you’re a Django developer, keep reading to make sure your application isn… READ MORE ›

I’ll let you in on a little secret. Most hacks are boring. They aren’t the crazy, complicated “Ocean’s Eleven” style plan within a plan hacks you might see on TV or in the movies. To most people, actually hacking a website would be pretty boring. There are pieces of software you can grab off the Internet, point at a website, and data pops out. Those who take the time to learn basic techniques of… READ MORE ›

Who is responsible for software security? This question has been asked by many in the industry. It’s asked because when major software vulnerabilities lead to data breaches or major problems, some may want to know who to blame. Others want to know how to prevent such mistakes in the future. Where should resources be directed to help prevent software vulnerabilities? Focus has increased on … READ MORE ›