Articles By Justin Boyer

What is “Effective” Developer Training?

When searching through the security headlines, many business and IT leaders realize the importance of keeping their systems safe. They know that training software developers is a key part of preventing the kinds of attacks and breaches that make the headlines. Customer data and company revenue are at stake. However, [Read more...]

By | 2019-01-14T10:57:52+00:00 February 11th, 2019|

Is Your Security Team an Enabler or a Disabler?

What is the purpose of sending your children to school? Apart form compliance with truancy laws, you want your children to learn what is required to become productive members of society. Challenges will come up in this process. It's how you meet these challenges that has a large impact on [Read more...]

By | 2019-01-14T10:55:25+00:00 January 22nd, 2019|

The Difference Between Being Compliant and Being Effective: How to Train Developers Without Getting in the Way

Compliance is about measurement. You measure your effectiveness against a standard so you can later present those measurements to a third party as proof of your compliance. One common measurement for companies requiring PCI compliance is security training. PCI Requirement 6.5 (PDF link) states that companies holding cardholder data must [Read more...]

By | 2018-12-10T16:10:07+00:00 December 10th, 2018|

The Great Escape: Avoiding XSS in Angular Templates

You're not likely to find a web application that doesn't use a sophisticated front-end framework like Angular. One of the selling points of front-end frameworks like Angular has been their best effort to prevent Cross-site Scripting (XSS) by escaping characters that could be interpreted as code. These efforts are commendable, [Read more...]

By | 2018-11-26T14:35:55+00:00 November 26th, 2018|

Security Training’s Place in a Secure SDLC

The software development life cycle (SDLC) is a common sight to those who work on software projects. Whether you're a developer or a security engineer or even a project manager or QA tester, you know all of the pieces by heart. You begin by creating requirements so you know what [Read more...]

By | 2018-10-31T21:59:31+00:00 October 31st, 2018|

5 Reasons Your App is Insecure

I'll let you in on a little secret. Most hacks are boring. They aren't the crazy, complicated "Ocean's Eleven" style plan within a plan hacks you might see on TV or in the movies. To most people, actually hacking a website would be pretty boring. There are pieces of software [Read more...]

By | 2018-10-08T12:51:04+00:00 October 8th, 2018|