Ten Application Security Terms That Every Developer Should Know

A few months ago I gave a talk about securing microservices at the Boston Cloud Native Computing Meetup. After the presentation, a young developer (a recent college grad) came up to me and said, “Nice talk — I didn’t learn any of that at school.” I asked which parts were new to him — I had covered a lot of material, some of which (like service mesh technology) is pretty new, and it didn’t surprise me that it wouldn’t all have been covered in a CS program. “Well, we weren’t really taught anything about security,” he admitted. As we got to chatting, I realized that he wasn’t exaggerating. He’d taken one network security class and some graduate level courses on cryptography, but none of the ordinary classes incorporated security as a normal part of good software development. It was another demonstration to me that for all our talk in the industry about DevSecOps and “building security in,” the reality remains that most developers are woefully under-prepared with application security skills.  Read more “Ten Application Security Terms That Every Developer Should Know”