Even after 25 years, Active Directory is still a prime target for sophisticated threats. Our new SOC-focused learning path explores how certificate services are being exploited for privilege escalation and other attacks that bypass traditional defenses. blog.secureflag.com/2025/06/12/act…

It’s still surprisingly common for security to get attention at the end of development, rather than from the start. Following a structured SDLC helps prevent vulnerabilities and costly flaws from getting into production. Read more in our latest blog 📲 blog.secureflag.com/2025/06/17/gui…

Threat modeling shouldn’t mean long meetings and massive diagrams. That’s why we’ve launched ThreatCanvas Layers. Now, every stakeholder can add their insights using the right risk templates. Less talking, more doing, and way better security! blog.secureflag.com/2025/06/23/thr…

The UK’s NCSC has a new Software Security Code of Practice worth checking out. Our latest blog post takes a look at what it means for developers. It covers everything from design to deployment, ensuring that nothing is missed. #AppSec #CyberSecurity #NCSC blog.secureflag.com/2025/06/25/ncs…

One misconfigured setting is all it takes to cause a breach. Public S3 buckets, misconfigured databases, and default passwords are oversights that can lead to huge security issues. Learn more in our latest blog post!📲blog.secureflag.com/2025/06/27/sec… #AppSec #CyberSecurity #SecureFlag

Just a heads up, editable Markdown reports are now available in #ThreatCanvas! Alongside PDFs, teams can edit reports and easily customize them for specific audiences. This added flexibility makes documenting and sharing threat models more user-friendly. blog.secureflag.com/2025/07/01/thr…

#AgenticAI is more than chatbots and virtual assistants. AI agents work autonomously, deploying code, calling APIs, and making decisions without human oversight. Check out latest blog to learn how agentic AI works, the role of MCP and the risks involved. blog.secureflag.com/2025/07/08/age…

SecureFlag Analyzer extension is now live on VS Code and OpenVSX Registry! 🟢Get instant suggestions for potential vulnerabilities as you type 🟢Understand the root cause with targeted knowledge base articles 🟢Practice fixing issues with interactive labs blog.secureflag.com/2025/07/11/sec…

Trying to make sense of the #FedRAMP process? We get it, the framework is complex, and applying it isn’t always straightforward. Our latest blog breaks it down and shows how security training and threat modeling can make it easier to put into practice. blog.secureflag.com/2025/07/15/mak…

For those financial institutions working to meet #DORA, we see you! Threat modeling and secure coding training, bring structure to the process, including mapping architecture, identifying risks early, and building secure systems from the start. blog.secureflag.com/2025/07/18/sec…

Hiring third-party developers without assessing secure coding skills? That’s a risk you don’t need to take. SecureFlag enables organizations to evaluate external developers with practical labs and real-time insights. Learn more📲 blog.secureflag.com/2025/07/23/eva…

Just a little early nudge so you can save the date! #ScotSecureWest is coming up on 10 September in Glasgow, and we’d love to meet you. We’ll be there chatting about secure coding, threat modeling, and #cybersecurity throughout the day. We’re looking forward to it! #AppSec

What if threat modeling fit right into your developer stories, without breaking your flow? ThreatCanvas integrates with Jira and Azure DevOps, reads your story’s context, and creates a detailed threat model with risks and controls. blog.secureflag.com/2025/07/30/thr…

If you’re up for a bit of friendly competition… Mark your calendars for Beacon %25 in London on 11 September. Stop by for live demos and a secure coding challenge with great prizes! 🏆 We’ll be there all day, so come say hi and take on the challenge. #Beacon25 #Cybersecurity

In Episode 3 of SecurePod, former ASD Director-General Rachel Noble shares how she helped uplift Australia’s cyber capability. Listen now: secureflag.com/resources/reso… 🔴 Youtube: youtu.be/kHbmOcFqWLo?si… 🟢 Spotify: open.spotify.com/episode/7cVEp7…

What makes a secure coding training platform stand out?⭐ For this customer, it was our high-quality content and hands-on experience that outperformed other solutions they’d tried. We really appreciate the 5-star feedback! #DeveloperTraining #SecureCoding #CustomerFeedback

Who wants to spend every release patching the same vulnerabilities? With #SecureByDesign, you catch risks early, before they ever reach production. It’s faster, way less stressful, and much less costly, too. Check out our latest blog post👇blog.secureflag.com/2025/08/12/wha…

The average global cost of a data breach? USD 4.88 million. Waiting to find vulnerabilities until after deployment is expensive (and stressful!) #ThreatModeling helps teams find risks early and make better design decisions. blog.secureflag.com/2025/08/15/int…

Is #StaticAnalysis enough to keep your code secure? Not quite, as detection alone doesn’t teach developers how to prevent vulnerabilities. While it identifies security issues, it doesn’t show how to fix them. Check out our latest blog post📲 blog.secureflag.com/2025/08/19/why… #AppSec

Secure code gets all the attention, but let's not forget about dataset security. Even the safest code is at risk if the data behind it isn’t managed securely. Learn how to clean, anonymize, and manage datasets safely while staying compliant.👇 blog.secureflag.com/2025/08/22/dev…