Poor coding patterns can lead to big security problems… so why do we encourage them?

Secure Code Warrior recognized in Gartner’s Cool Vendors in Software Engineering: Enhancing Developer Productivity

Prevention in the age of the never-ending attack surface

Are we mature enough for the Open Source Software Security Mobilization Plan?

The importance of security maturity in development teams

New: SCW Connector for Okta Workflows

What's new in Secure Code Warrior: May 2022

New: Ship secure SAP ABAP code faster with ABAP training content

Psychic Signatures - what you need to know

Get ahead of software vulnerabilities in NGINX and Microsoft Windows SMB Remote Procedure Call service

Zero-day attacks are on the rise. It's time to plan a defensive edge.

Where does secure code sit on the list of development team priorities?

The cybersecurity issues we can’t ignore in 2022

What is Trojan Source and how does it sneak into your source code

Your guide to defense against the dark art of zero-day attacks

Champions vs. coaches: Why every development team needs both

Why scaffolded learning builds security-strong developers

The Log4j vulnerability explained - Its attack vector and how to prevent it

Cybersecurity industry analysis: Another recurring vulnerability we must correct

Is your security program focused on incident response? You're doing it wrong.

API on Wheels: A road trip of risky vulnerabilities

Lifting the veil on cyber vulnerabilities in Government supply chain pipelines

Security-aware developers: AppSec needs you!

Future frontiers: Why developers need to go beyond the OWASP Top 10 for secure coding mastery

How to convince your boss to invest in secure coding training

Incentivizing developers is the key to better security practices

Experience the impact of the Path Traversal Vulnerability to blame for the recent Apache woes

Warrior Insider: Nelnet - Nurture your security champions and create a culture of secure development from within

OWASP’s 2021 list shuffle: A new battle plan and primary foe

Elevated security intelligence: Guided courses helping developers get NIST-ready

When good microwaves go bad: Why embedded systems security is the next boss battle for developers

Secure development should be AppSec’s immune system

Why end-to-end security is important for embedded systems

MISRA C 2012 vs MISRA C2 - How to make a switch

Warrior Insider: Contrast Security - Give developers impactful cybersecurity training with contextual learning

Why we must never overlook the human factor in cybersecurity

Leaky APIs threaten to wash company reputations out to sea

Making moves with NIST: Our human-led position on the future of cyber defense

Warrior Insider: Selligent - why cybersecurity matters when scaling your business

The rise of DevSecOps – and what 'shifting left' really means for your organization.

Shifting from reaction to prevention: The changing face of software security 2021 - Whitepaper

Ship quality code faster, with confidence: the transformative power of secure coding practices.

Cybersecurity Executive Order: A deliberate approach to improve software security with developer skills

Secure code training = better code + faster release dates

Realigning your organization around secure coding – barriers, concerns, and active solutions

Certified security awareness: An Executive Order to elevate developers

Managers and security champions – the pied pipers and critical influencers of secure coding practices.

A cyberattack occurs every 39 seconds. Is the government finally equipped to fight back?

What keeps development teams up at night when it comes to secure coding?

Hiding in plain sight: Why the SolarWinds attack revealed more than malicious cyber risk

Why secure code is the new success metric in software development

How to configure secure code training for better secure coding outcomes

Current secure code training is letting developers down

Why secure code training doesn’t stack up (and what you can do about it)

If AppSec tooling is the silver bullet, why are so many companies not firing it?

Developers have motivations to learn about secure coding…so why aren’t they?

What part does the human element play in the future of secure coding?

We need heroes to secure our code. Have developers got what it takes?

Shifting the focus from reactive to proactive, with human-led secure coding

Happy birthday SQL injection, the bug that can’t be squashed

Building trust: The path to true security synergy between AppSec and developers

Starting "left of left": Is secure code always quality code?

For developers to help slay the cybercrime beast, training is a quest in two parts

What is static analysis?

Coders Conquer Security OWASP Top 10 API Series - Improper Assets Management

My pentester, my enemy? Developers reveal what they really think about pentesting and static analysis results

The future of work is flexible, and it's great for cybersecurity

Coders Conquer Security OWASP Top 10 API Series - Insufficient Logging and Monitoring

Coders Conquer Security OWASP Top 10 API Series - Disabled Security Features/Debug Features Enabled/Improper Permissions

Introducing Missions: The next phase of developer-centric security training

Adding Parameters to Annotations Using Rewrite Actions

Coders Conquer Security OWASP Top 10 API Series - Mass Assignment

How the Australian Government can build national cybersecurity resilience and stand tall against threats

Build secure coding skills at every stage of the SSDLC

Coders Conquer Security OWASP Top 10 API Series - Missing Function Level Access Control

Coders Conquer Security OWASP Top 10 API Series - Lack of Resources and Rate Limiting

ClickShare Vulnerabilities May Have Been Patched, But They Mask a Much Bigger Problem

Coders Conquer Security OWASP Top 10 API Series - Excessive Data Exposure

Coders Conquer Security OWASP Top 10 API Series - Broken Authentication

Expert Interview: Infrastructure as Code with Oscar Quintas

Coders Conquer Security OWASP Top 10 API Series - Broken Object Level Authorization

Death by Doki: A new Docker vulnerability with serious bite (and what you can do about it)

Is your organization really DevSec-ready? Put it to the test.

Strike first, strike hard: Why curated secure coding courses extend no mercy to cyber threats

Want developers to code with security awareness? Bring the training to them.

Stop disrupting my workflow! How you can get the right security training at the right time

Coders Conquer Security Infrastructure as Code Series - Business Logic

Rust is the most-loved programming language for the fifth time. Is it our new security savior?

Coders Conquer Security Infrastructure as Code Series - Using Components From Untrusted Sources

Cybercriminals Are Attacking Healthcare (But We Can Fight Back)

Coders Conquer Security Infrastructure as Code Series: Security Misconfiguration - Improper Permissions

Coders Conquer Security Infrastructure as Code Series: Insufficient Transport Layer Protection

Coders Conquer Security Infrastructure as Code Series: Insecure Cryptography

COBOL Application Development Security | Secure Code Warrior

Coders Conquer Security Infrastructure as Code Series: Plaintext Storage of Passwords

Webinar: Are you ready to put the "Sec" in DevOps?

Coders Conquer Security Infrastructure as Code Series: Missing Function Level Access Control

Coders Conquer Security Infrastructure as Code Series: Disabled Security Features

Turning boring PCI-DSS compliance into a meaningful exercise for everybody: Part 2 - CISOs and developer awareness

Turning boring PCI-DSS compliance into a meaningful exercise for everybody: Part 1 - AppSec