Application Security

Current secure code training is letting developers down

Why secure code training doesn’t stack up (and what you can do about it)

If AppSec tooling is the silver bullet, why are so many companies not firing it?

Developers have motivations to learn about secure coding…so why aren’t they?

What part does the human element play in the future of secure coding?

We need heroes to secure our code. Have developers got what it takes?

Shifting the focus from reactive to proactive, with human-led secure coding

Happy birthday SQL injection, the bug that can’t be squashed

Building trust: The path to true security synergy between AppSec and developers

Starting "left of left": Is secure code always quality code?

For developers to help slay the cybercrime beast, training is a quest in two parts

What is static analysis?

Coders Conquer Security OWASP Top 10 API Series - Improper Assets Management

My pentester, my enemy? Developers reveal what they really think about pentesting and static analysis results

The future of work is flexible, and it's great for cybersecurity

Coders Conquer Security OWASP Top 10 API Series - Insufficient Logging and Monitoring

Coders Conquer Security OWASP Top 10 API Series - Disabled Security Features/Debug Features Enabled/Improper Permissions

Introducing Missions: The next phase of developer-centric security training

Adding Parameters to Annotations Using Rewrite Actions

Coders Conquer Security OWASP Top 10 API Series - Mass Assignment

How the Australian Government can build national cybersecurity resilience and stand tall against threats

Build secure coding skills at every stage of the SSDLC

Coders Conquer Security OWASP Top 10 API Series - Missing Function Level Access Control

Coders Conquer Security OWASP Top 10 API Series - Lack of Resources and Rate Limiting

ClickShare Vulnerabilities May Have Been Patched, But They Mask a Much Bigger Problem

Coders Conquer Security OWASP Top 10 API Series - Excessive Data Exposure

Coders Conquer Security OWASP Top 10 API Series - Broken Authentication

Expert Interview: Infrastructure as Code with Oscar Quintas

Coders Conquer Security OWASP Top 10 API Series - Broken Object Level Authorization

Death by Doki: A new Docker vulnerability with serious bite (and what you can do about it)

Is your organization really DevSec-ready? Put it to the test.

Strike first, strike hard: Why curated secure coding courses extend no mercy to cyber threats

Want developers to code with security awareness? Bring the training to them.

Stop disrupting my workflow! How you can get the right security training at the right time

Coders Conquer Security Infrastructure as Code Series - Business Logic

Rust is the most-loved programming language for the fifth time. Is it our new security savior?

Coders Conquer Security Infrastructure as Code Series - Using Components From Untrusted Sources

Cybercriminals Are Attacking Healthcare (But We Can Fight Back)

Coders Conquer Security Infrastructure as Code Series: Security Misconfiguration - Improper Permissions

Coders Conquer Security Infrastructure as Code Series: Insufficient Transport Layer Protection

Coders Conquer Security Infrastructure as Code Series: Insecure Cryptography

From COBOL to Go: Why We Must Support Legacy Security Training and Beyond

Coders Conquer Security Infrastructure as Code Series: Plaintext Storage of Passwords

Webinar: Are you ready to put the "Sec" in DevOps?

Coders Conquer Security Infrastructure as Code Series: Missing Function Level Access Control

Coders Conquer Security Infrastructure as Code Series: Disabled Security Features

Turning boring PCI-DSS compliance into a meaningful exercise for everybody: Part 2 - CISOs and developer awareness

Turning boring PCI-DSS compliance into a meaningful exercise for everybody: Part 1 - AppSec

The future of cybersecurity: What WON'T be happening in the year to come

Shifting left is not enough: Why starting left is your key to software security excellence

DevSecOps in DACH: Key findings from secure coding pilot programs

Why DevOps Implementation is Often Unsuccessful (and How You Can Fix It)

The new NIST guidelines: Why customized training is essential to create secure software

Static Vs. Dynamic Cybersecurity Training: Impulsive Compliance, Future Problems

It takes a village: How community spirit creates more secure developers

Coders Conquer Security: Share & Learn Series - Insecure Deserialization

Coders Conquer Security: Share & Learn Series - Sensitive Data Exposure

Why we need to support, not punish, curious security minds

Coders Conquer Security: Share & Learn Series - XXE Injection

Coders Conquer Security: Share & Learn Series - CRLF Injection

How creative CISOs and CIOs can innovate and transform their security program

Coders Conquer Security: Share & Learn Series - Remote File Inclusion

Coders Conquer Security: Share & Learn Series - Local File Inclusion and Path Traversal

Coders Conquer Security: Share & Learn Series - Insufficient Transport Layer Protection

Coders Conquer Security: Share & Learn Series - XML Injections

Coders Conquer Security: Share & Learn Series - Insufficient Logging and Monitoring

Coders Conquer Security: Share & Learn Series - Unvalidated Redirects and Forwards

Coders Conquer Security: Share & Learn Series - Code Injection

GitHub Users Held to Ransom with Plaintext Pain

Coders Conquer Security: Share & Learn Series - Broken Access Control

For Cybersecurity Best Practice, Look to the Finance Industry

Coders Conquer Security: Share & Learn Series - Information Exposure

Coders Conquer Security: Share & Learn Series - Using Components with Known Vulnerabilities

Security' is Not a Dirty Word: How a Positive Approach Will Transform Your Security Program

Coders Conquer Security: Share & Learn Series - Authentication

Coders Conquer Security: Share & Learn Series - Insufficient Anti-Automation

Coders Conquer Security: Share & Learn Series - Business Logic Problems

DevSecOps: The Old Security Bugs Still Performing New Tricks

Coders Conquer Security: Share & Learn Series - Email Header Injection

Coders Conquer Security: Share & Learn Series: Insecure Direct Object Reference

Software Security is in the Wild West (and it's going to get us killed)

Coders Conquer Security: Share & Learn Series - Insecure Cryptographic Storage

Coders Conquer Security: Share & Learn Series - XQuery Injection

Coders Conquer Security: Share & Learn Series - Security Misconfigurations

Coders Conquer Security: Share & Learn Series - Clickjacking

Coders Conquer Security: Share & Learn Series - OS Command Injection

Coders Conquer Security: Share & Learn Series - Session Management Weaknesses

Developer Tournaments: AppSec's Secret Weapon to Improve Security Culture and Engagement

Coders Conquer Security: Share & Learn Series - Padding Oracle

Coders Conquer Security: Share & Learn Series - LDAP Injections

The Change We Need In The AppSec Badlands: My 2019 Predictions

Coders Conquer Security: Share & Learn Series - Unrestricted File Uploads

Coders Conquer Security: Share & Learn Series - NoSQL Injection

Coders Conquer Security: Share & Learn Series - Cross-Site Request Forgery

Coders Conquer Security: Share & Learn - SQL Injection

Coders Conquer Security: Share & Learn - Cross-Site Scripting

Confusing Privacy with Security: The Fatal Mistake

Why SQL Injections Are The Cockroaches of the AppSec World (and how CISOs can eradicate them once and for all)

A Brighter Future For DevSecOps? It's Closer Than You Think

Why gamification is the key to leveling up your software security