Podcast appearances and mentions of tanya janca

  • 117 podcasts
  • 262 episodes
  • 47m average duration
  • 1 episode every other week
  • Jun 24, 2026 latest

Popularity by year (chart): 2019 to 2026


Best podcasts about tanya janca

Latest podcast episodes about tanya janca

RunAs Radio
Securing Developers with Tanya Janca

RunAs Radio

Jun 24, 2026, 34:27


How can sysadmins help software developers work securely and make more secure applications? While at NDC in Toronto, Richard sat down with Tanya Janca of SheHacksPurple to discuss what admins can do to help address the security challenges software developers face. Tanya talks about securing development environments and pipelines: developers routinely work from high-privilege accounts because their tools require it, and as a result they have become targets for black hats seeking access to accounts, keys, and other exploitable resources. There are plenty of tools available to help work through the issues, including the latest AI-powered tools. LLMs can also help generate more secure code in the first place, and Tanya has created a set of prompts you can use to create more secure software. The threat landscape is shifting with these tools, and we need to act quickly to resist the new attacks!

Links:
  • SheHacksPurple
  • Canadian Guidance on Resisting Supply Chain Attacks
  • OWASP Top 10 Security Risks for 2025
  • Prompts for Generating Secure Code

Recorded May 8, 2026

Colorado = Security Podcast
287 - Tanya Janca - CEO of SheHacksPurple Consulting

Colorado = Security Podcast

Jun 23, 2026, 107:10


Our featured guest this month is Tanya Janca, CEO of SheHacksPurple Consulting, board member for the Forte Group, and former keynote speaker at the SnowFROC conference, interviewed by Frank Victory. We break down the stark differences between privacy and cybersecurity policy globally, the uncomfortable gap between compliance frameworks and real-world risk, and her personal crusade to institute the world's first secure coding law. Plus, we dive into the major Colorado OIT restructuring, local development updates at DIA, and the latest threat intel and AI insights from Zvelo, Red Canary, Optiv, FusionAuth, and Lares!

Our featured guest this month is Tanya Janca, widely known across the industry as SheHacksPurple. Tanya is the CEO of SheHacksPurple Consulting, a board member for the Forte Group, a former keynote speaker at the SnowFROC conference, and the best-selling author of Alice and Bob Learn Application Security. With over 25 years of IT and software development experience, Tanya joins Frank Victory for a candid, deep-dive exploration into the intersection of global security policy, developer workflows, and the massive disconnect between checked compliance boxes and truly defensive software engineering.

Check out the full episode where we discuss:
  • The Policy vs. Security Gap: Why international frameworks and high-visibility initiatives like the US SBOM Executive Order often favor visibility and tooling purchases over actual vulnerability remediation and code-level security.
  • Shifting Left and Secure Guidelines: Why the industry routinely relies on catching vulnerabilities late via adversary simulation and penetration testing rather than establishing secure requirements, guardrails, and clear guidelines at the design phase.
  • The Secure Coding Law Crusade: Tanya details her current petition in the Canadian House of Commons to establish a strict, accountability-driven secure coding law that could set a global baseline for how governments and private enterprises hold software to a true safety standard.

Come join us on the Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates: https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com.

This Month's News & Resources
  • Colorado overhauls state IT office, lays off 173 employees after negative feedback (Colorado Sun)
  • Colorado's fierce two-year fight over AI regulation ends with watered-down law, little fanfare (Colorado Sun)
  • Denver ranks among 'most exciting U.S. cities to drink in right now' (Westword)
  • Denver airport plans pedestrian walkways between concourses (Ground News / DIA)
  • Denver-area inflation increases to 5%. Blame energy costs. (Colorado Sun)
  • How Lares Thinks About Mythos-Class AI in Offensive Security (Lares)
  • The Security Risks of Agent-to-Agent (A2A) Communication (zvelo)
  • Red Canary May Threat Intel Highlights (Red Canary)
  • Advanced AI Protections for CISOs: A Practical Punch List (Optiv)
  • We Surveyed More Than 300 Security Leaders on AI Identity. The Findings Are Counterintuitive (FusionAuth)
  • Tanya Janca on LinkedIn
  • https://cppcon.org/
  • https://www.devsecstation.com/
  • https://shehackspurple.ca/
  • Secure Coding Guidelines — Tanya's free, boiled-down 84-item guide referenced in the episode.

Upcoming Events
  • Rocky Mountain Information Security Conference (RMISC) - 6/23-25
  • ISC2 Pikes Peak - 6/24
  • ISSACOS Biergarten - 6/25

Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him at carrrladams@gmail.com. Check out his other voice work here.
Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

Dev Interrupted
Your developers are the attack surface now and vibe coding as a vulnerability | Tanya Janca

Dev Interrupted

Jun 23, 2026, 46:06


Developers are like water: if you make your security protocols too difficult, they will find a way to flow right around them. This week on Dev Interrupted, bestselling author and OWASP Top 10 Project Leader Tanya Janca returns to unpack why vibe coding has officially made the list of the most critical security risks in software development. Tanya breaks down the psychology of bad code, explains why the modern software engineer has become the primary attack surface, and shares actionable strategies for shifting security left directly into your AI prompts. Finally, she provides practical, behavioral solutions for building a golden path that makes secure coding the easy choice for your engineering team.

Register here for the June 25th workshop, Life Beyond Tokenmaxxing, to learn how to measure real AI impact and ROI across the SDLC.

Follow the show: Subscribe to our Substack | Follow us on LinkedIn | Subscribe to our YouTube Channel | Leave us a Review
Follow the hosts: Follow Andrew | Follow Ben | Follow Dan

Follow today's guest:
  • SheHacksPurple: Learn secure coding from Tanya at shehackspurple.ca
  • DevSec Station: Listen to Tanya's bite-sized security podcast for developers at devsecstation.com
  • Secure My Vibe: Download Tanya's free AI secure coding prompt library at securemyvibe.ca
  • The Psychology of Bad Code: Read Tanya's insightful blog series on behavioral economics and application security on the SheHacksPurple Blog
  • OWASP Top 10: Learn more about the most critical security risks to web applications at owasp.org
  • Tanya's Newsletter: Sign up for Tanya's newsletter at newsletter.shehackspurple.ca
  • Connect with Tanya: LinkedIn | Twitter/X

Offers:
  • Start Free Trial: Get started with LinearB's AI productivity platform for free.
  • Book a Demo: Learn how you can ship faster, improve DevEx, and lead with confidence in the AI era.

Learn about LinearB:
  • AI Code Reviews: Automate reviews to catch bugs, security risks, and performance issues before they hit production.
  • AI & Productivity Insights: Go beyond DORA with AI-powered recommendations and dashboards to measure and improve performance.
  • AI-Powered Workflow Automations: Use AI-generated PR descriptions, smart routing, and other automations to reduce developer toil.
  • MCP Server: Interact with your engineering data using natural language to build custom reports and get answers on the fly.

Hacker Valley Studio
Is Vibe Coding Breaking the Internet? with Tanya Janca

Hacker Valley Studio

Jun 2, 2026, 35:46


What happens when AI writes all the code and nobody reads it? What if the security prompt you trusted still produced software designed to leak your secrets? And who exactly is on the hook when an AI-generated application takes down your company? In this episode, Ron sits down with returning guest Tanya Janca, Secure Coding Trainer at SheHacksPurple Consulting, to dig into one of the most underestimated risks in software development today: vibe coding. Tanya breaks down what vibe coding actually means, why AI trained on the internet's worst repositories is quietly baking the OWASP Top 10 into every app being built, and what her AI-powered secure coding prompt library can do to help. This is a candid, practical, and community-driven episode, the kind that'll make you want to audit your vibe code-a-thon project before it ever touches production.

Impactful Moments
  • 00:00 - Introduction
  • 01:40 - The Rewind: Margaret Hamilton and Apollo 11
  • 05:00 - Knight Capital and the $460M software failure
  • 07:00 - Guest introduction: Tanya Janca
  • 08:15 - What vibe coding actually means in 2026
  • 10:00 - Real story: Claude leaked secrets in a live training
  • 11:30 - Securemyvibe.ca and Tanya's secure coding prompt library
  • 15:00 - OWASP Top 10 vs OWASP Top 10 for LLMs
  • 22:45 - Tanya's petition for the world's first secure coding law
  • 24:55 - Device flow authentication and reducing security friction
  • 28:00 - What the internet would look like in five years without change

Links
  • Connect with our guest, Tanya Janca, on LinkedIn: https://www.linkedin.com/in/tanya-janca
  • Get Tanya's free secure coding guideline: https://securecodingguideline.com
  • Subscribe to Tanya's AI Secure Coding Prompt Library: https://securemyvibe.ca
  • Access Tanya's Newsletter & Free Monthly Training: https://newsletter.shehackspurple.ca
  • Connect with Tanya across all social channels: @shehackspurple
  • Check out our upcoming events: https://www.hackervalley.com/livestreams

Love Hacker Valley Studio?
  • Pick up some swag: https://store.hackervalley.com
  • Become a sponsor of the show: https://hackervalley.com/work-with-us/

Application Security PodCast
Tanya Janca - Secure Vibe Coding

Application Security PodCast

Apr 30, 2026, 47:57


AI isn't just helping developers anymore; it's writing the code, and that changes everything. In this episode, Tanya Janca breaks down “vibe coding,” the hidden security risks behind it, and how teams need to rethink AppSec from the ground up. If you're building with AI, this is the wake-up call you can't afford to miss.

Tanya Janca, AKA SheHacksPurple, is an author, founder, trainer, speaker, software developer, but most of all, a nerd obsessed with security. She speaks and teaches secure coding worldwide and through her podcast, DevSec Station. Check it out here: https://www.youtube.com/@DevSecStation

FOLLOW OUR SOCIAL MEDIA:
  • Twitter: @AppSecPodcast
  • LinkedIn: The Application Security Podcast
  • YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

Resilient Cyber
Securing the Vibe: Tanya Janca on AI-Generated Code, Mythos, and the New AppSec Reality

Resilient Cyber

Apr 27, 2026, 38:24


A new episode of the Resilient Cyber Show just dropped, and this one is a conversation I've been looking forward to for a long time.

I sat down with Tanya Janca, better known to most of the AppSec world as SheHacksPurple. Tanya is the best-selling author of Alice and Bob Learn Application Security and Alice and Bob Learn Secure Coding, an OWASP Lifetime Distinguished Member, CEO of She Hacks Purple Consulting, and one of the most recognized voices in application security and developer education on the planet.

The timing of this conversation is hard to overstate. The OWASP Top 10 2025 was announced at the Global AppSec Conference last year, with two new categories, Software Supply Chain Failures and Mishandling of Exceptional Conditions, and SSRF folded into Broken Access Control. Recently, Anthropic released the Claude Mythos Preview system card, documenting a model that has already found thousands of high-severity zero-day vulnerabilities autonomously, including bugs in every major operating system and web browser, and a 27-year-old vulnerability in OpenBSD.

In other words, AppSec is at a hinge moment, and Tanya is exactly the right person to think out loud with about it.

Here's what we get into:
  • What the OWASP Top 10 2025 got right, what it missed, and how teams should actually use it
  • AI-generated code, “vibe coding,” and Tanya's brand-new free prompt library for secure coding with AI assistants, SecureMyVibe.ca
  • What Mythos-class capabilities mean for the offense/defense asymmetry AppSec has always lived with
  • How AI is genuinely changing the SDLC, where it creates lift, where it creates noise, and where it creates entirely new attack surface
  • Architecting real defenses at the prompt layer, across MCP servers, and inside RAG pipelines, not just bolting content filters onto the front door
  • Why developers are the new attack surface, and why a lot of what gets labeled as “supply chain attacks” lately is really a developer compromise that cascaded into the supply chain
  • Tanya's threat model, defense framework, and maturity model for protecting developers themselves
  • DevSec Station, Tanya's new podcast delivering 5–10 minute secure coding lessons in a format built for how developers actually consume content
  • What she'd change tomorrow about how AppSec programs are built and run if she could change just one thing

This is one of those conversations that ranges from the practical (what to do Monday morning) to the philosophical (what does it even mean to “secure software” when an AI can find more zero-days in a weekend than a Red Team finds in a year). Tanya brings the rare combination of deep technical chops, real teaching ability, and genuine warmth that makes a hard subject feel approachable.

If you lead an AppSec program, write code for a living, run a security team trying to keep up with AI-assisted development, or you're just trying to figure out where this whole industry is heading, this is the episode for you.

Resources from the episode:
  • SecureMyVibe
  • DevSec Station Podcast (Tanya's new show)
  • She Hacks Purple Consulting
  • Alice and Bob Learn Application Security and Alice and Bob Learn Secure Coding
  • OWASP Top 10 2025 — https://owasp.org/Top10/2025/
  • Claude Mythos Preview System Card — Anthropic

Thanks for being here. If this episode landed for you, the best thing you can do is share it with one person on your team who'd find it useful; that's how this newsletter and show grow.

Talk Python To Me - Python conversations for passionate developers
#545: OWASP Top 10 (2025 List) for Python Devs

Talk Python To Me - Python conversations for passionate developers

Apr 16, 2026, 66:03 (transcription available)


The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every single one of them. And we're not just talking theory, we're going to turn Claude Code loose on a real open source project and see what it finds. Let's do it.

Episode sponsors: Temporal, Talk Python Courses

Links from the show:
  • DevSec Station Podcast: www.devsecstation.com
  • SheHacksPurple Newsletter: newsletter.shehackspurple.ca
  • owasp.org: owasp.org
  • owasp.org/Top10/2025: owasp.org
  • from here: github.com
  • Kinto: github.com
  • A01:2025 - Broken Access Control: owasp.org
  • A02:2025 - Security Misconfiguration: owasp.org
  • ASP.NET: ASP.NET
  • A03:2025 - Software Supply Chain Failures: owasp.org
  • A04:2025 - Cryptographic Failures: owasp.org
  • A05:2025 - Injection: owasp.org
  • A06:2025 - Insecure Design: owasp.org
  • A07:2025 - Authentication Failures: owasp.org
  • A08:2025 - Software or Data Integrity Failures: owasp.org
  • A09:2025 - Security Logging and Alerting Failures: owasp.org
  • A10:2025 - Mishandling of Exceptional Conditions: owasp.org
  • https://github.com/KeygraphHQ/shannon: github.com
  • anthropic.com/news/mozilla-firefox-security: www.anthropic.com
  • generalpurpose.com/the-distillation/claude-mythos-what-it-means-for-your-business: www.generalpurpose.com
  • Python Example Concepts: blobs.talkpython.fm
  • Watch this episode on YouTube: youtube.com
  • Episode #545 deep-dive: talkpython.fm/545
  • Episode transcripts: talkpython.fm
  • Theme Song: Developer Rap

Cyber Security Today
She Hacks Purple: An Interview With Cybersecurity Expert Tanya Janca

Cyber Security Today

Jan 17, 2026, 43:03


Building Secure Software with Tanya Janca: From Coding to Cybersecurity Advocacy

In this episode of Cybersecurity Today, host Jim Love interviews Tanya Janca, also known as She Hacks Purple, a renowned Canadian application security expert and author. Tanya shares her journey from a software developer and musician to becoming a penetration tester and cybersecurity advocate. She discusses her work in training developers on secure coding practices and application security, emphasizing the need for integrated security training in academic programs and the software development lifecycle. Tanya also talks about the challenges women face in the cybersecurity field and her efforts to empower underrepresented groups through initiatives like WoSEC and We Hack Purple. Sponsored by Meter, this episode dives deep into the importance of building security into software development and the potential role of AI in improving code security.

  • 00:00 Introduction and Sponsor Message
  • 00:18 Meet Tanya Janca: The Journey Begins
  • 01:05 From Developer to Pen Tester
  • 03:14 Empowering Women in Cybersecurity
  • 13:11 Challenges in Academia and Training
  • 19:18 The Need for Secure Coding
  • 21:22 Challenges in Medical Device Security
  • 22:18 The Economics of Open Source
  • 24:43 Building Security into Development
  • 26:14 Training and Cultural Shifts
  • 32:33 AI and Secure Coding
  • 39:03 Incident Response and Preparedness
  • 39:54 Final Thoughts and Future Directions

The Mindful Business Security Show
The importance of application security in small businesses

The Mindful Business Security Show

Dec 18, 2025, 70:52


The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you!

On this episode, Accidental CISO is joined by guest host Tanya Janca, @shehackspurple. Tanya is a hacker, software developer, author, and educator. She is passionate about application security and helping organizations build secure software. She is also an active contributor to the cybersecurity community.

In this episode, Tanya mentioned many useful resources:
  • Tanya's SDLC Cheat Sheet and Newsletter
  • Tanya's Github Repo - Train the Trainer - Pushing Left
  • Tanya's Github Repo - Train the Trainer - Security is Everybody's Job
  • OWASP SAMM (maturity model)
  • OWASP Top 10 - 2025
  • OWASP Training Videos on YouTube
  • Alice and Bob Learn Secure Coding by Tanya Janca
  • Alice and Bob Learn Application Security by Tanya Janca
  • Software Supply Chain Security by Cassie Crossley

You can find Tanya online via her website as well as LinkedIn, Bluesky, X, Mastodon, Tiktok, and YouTube. You'll also be able to connect with her via her new online community, DevSec Station, launching in early 2026.

Additionally, you can find a playlist of Tanya's music on her YouTube channel.

Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now!

Show Merch: https://shop.mindfulsmbshow.com/
Website: https://www.focivity.com/podcast
Twitter: @mindfulsmbshow
Hosted by: @AccidentalCISO
Produced by: @Focivity
Theme music by Michael Kobrin.

Darknet Diaries
165: Tanya

Darknet Diaries

Nov 4, 2025, 47:43


Tanya Janca is a globally recognized AppSec (application security) expert and founder of We Hack Purple. In this episode, she shares wild stories from the front lines of cybersecurity, from her time as a penetration tester to her time as an incident responder.

You can sign up for her newsletter at https://newsletter.shehackspurple.ca/

Sponsors
Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.
This episode is sponsored by Hims. Hims offers access to ED treatment options ranging from trusted generics that cost up to 95% less than brand names to Hard Mints, if prescribed. To get simple, online access to personalized, affordable care for ED, Hair Loss, Weight Loss, and more, visit https://hims.com/darknet.
Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries.
View all active sponsors.

Books
  • Alice and Bob Learn Secure Coding by Tanya Janca
  • Alice and Bob Learn Application Security by Tanya Janca

Bare Knuckles and Brass Tacks
Code as Critical Infrastructure, Entrepreneurship, and Funding Innovation

Bare Knuckles and Brass Tacks

Jul 7, 2025, 50:56


Tanya Janca joins the show this week, with a unique perspective on building secure software and advocating for better cybersecurity policy.

George K and George A talk to Tanya about:
  • Her transition from 14 years as a Canadian public servant to private sector entrepreneurship
  • The core values that guide her work: performing good and moving the industry toward secure software
  • Entrepreneurship since age 19: solving real problems that hurt badly enough for people to pay
  • Civil advocacy for security by design policies and challenging inadequate government cybersecurity practices

Tanya's perspective on building businesses around genuine problem-solving rather than just seeking acquisition or wealth creation offers valuable insights for any founder. Whether you're interested in secure coding, entrepreneurship, or how to advocate for better cybersecurity policy, this episode delivers actionable insights from someone who's been in the trenches and made real impact.

Mentioned:
  • The Eh List: https://ehlist.org/
  • Forte Group: forte-group.org/home-our-mission
  • Tanya's petition: https://www.ipetitions.com/petition/secure-canadas-future
  • Tanya's Secure Coding Guideline: newsletter.shehackspurple.ca/c/secure-coding-guideline

Cloud Security Podcast
RSA Conference 2025 Recap: Top Themes, Actionable Insights & Future Trends

Cloud Security Podcast

May 9, 2025, 53:52


Dive deep into the key takeaways from RSA Conference 2025 with our expert panel! Join Ashish Rajan, James Berthoty, Chris Hughes, Tanya Janca, and Francis Odum as they dissect the biggest trends, surprises, and "hot takes" from one of the world's largest cybersecurity events.

In this episode, we cover:
  • Initial reactions and the sheer scale of RSA Conference 2025.
  • Major themes: AI's impact on cybersecurity, especially AppSec, vendor consolidation, the evolution of runtime security, and more.
  • The rise of AI-native applications and how they're reshaping the landscape.
  • Deep dives into Application Security (AppSec), secure coding with AI, and the future of vulnerability management.
  • Understanding runtime security beyond DAST and its critical role.
  • Unexpected insights and surprising takeaways from the conference floor.

Guests include:
  • Chris Hughes – CEO at Aquia & host of Resilient Cyber
  • James Berthoty – Cloud and AppSec engineer, known for sharp vendor analysis and engineering-first content, and Latio Tech
  • Tanya Janca – Founder of She Hacks Purple
  • Francis Odum – Founder of Software Analyst Cyber Research

Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
  • Cloud Security Podcast - Youtube
  • Cloud Security Newsletter
  • Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
  • (00:00) Introduction: Unpacking the RSA Conference 2025
  • (02:20) Meet the Experts: Panelist Introductions
  • (03:39) RSAC First Impressions: Scale, Excitement & Attendee Numbers
  • (07:52) Top Themes from RSA Conference 2025
  • (16:01) AI's Evolution: Native Applications & AppSec's Transformation
  • (33:30) Demystifying Runtime Security (Beyond DAST)
  • (40:23) RSA Surprises & Unexpected Takeaways

Relating to DevSecOps
Episode #078:

Relating to DevSecOps

Apr 22, 2025, 46:48


In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change.

From communication failures and TL;DR policy pages to leveraging wikis and code reuse, this episode is a practical masterclass in creating impactful, developer-friendly security standards.

Dev Interrupted
How Marketing Ruined Shift Left | Semgrep's Tanya Janca

Dev Interrupted

Apr 15, 2025, 48:52 (transcription available)


When it comes to securing software, most developers feel like they're playing catch-up instead of setting the rules.

Tanya Janca (SheHacksPurple), author of "Alice and Bob Learn Secure Coding," brings her 28 years of IT and security expertise—spanning counter-terrorism to enterprise training—to Dev Interrupted. She unpacks the common pitfalls teams face when security is treated as an afterthought, highlighting the developer frustration of being held accountable for security without the tools or knowledge needed to succeed.

Explore how transforming security from a final gate into an ongoing practice saves money, reduces conflict, and builds better software through clear requirements and true developer empowerment. Tanya provides concrete advice for developers and leaders on creating internal knowledge libraries, fostering continuous learning habits, and critically evaluating AI-generated code to ensure it meets security standards.

Speaking of AI's growing role, we're curious how it's reshaping workflows across the industry. Share your own experiences with AI adoption by taking our quick survey to discover your spot on the adoption graph (and what you can do to level up).

Check out:
  • Beyond Copilot: Gaining the AI Advantage
  • Survey: Discover Your AI Collaboration Style

Follow the hosts: Follow Ben | Follow Andrew

Follow today's guest(s):
  • Website: SheHacksPurple
  • LinkedIn: Tanya Janca
  • Book: Alice and Bob Learn Secure Coding

Referenced in today's show:
  • Shopify CEO says staffers need to prove jobs can't be done by AI before asking for more headcount
  • Anthropic flips the script on AI in education: Claude's Learning Mode makes students do the thinking
  • Celebrate 50 years of Microsoft with the company's original source code

Support the show: Subscribe to our Substack | Leave us a review | Subscribe on YouTube | Follow us on Twitter or LinkedIn
Offers: Learn about Continuous Merge with gitStream | Get your DORA Metrics free forever

Software Engineering Radio - The Podcast for Professional Software Developers

Tanya Janca, author of Alice and Bob Learn Secure Coding, discusses secure coding and the secure software development life cycle with SE Radio host Brijesh Ammanath. This session explores how integrating security into every phase of the SDLC helps prevent vulnerabilities from slipping into production. Tanya strongly recommends defining security requirements early, and discusses the importance of threat modeling during design, secure coding practices, testing strategies such as static, dynamic, and interactive application security testing (SAST, DAST and IAST), and the need for continuous monitoring and improvement after deployment. This episode is sponsored by Codegate.ai

Paul's Security Weekly
First Do No Harm - Security Challenges in Healthcare - Ed Gaudet, Tanya Janca - ESW #396

Paul's Security Weekly

Mar 3, 2025, 122:30


In 2011, Marc Andreessen predicted that software would eat the world. Specifically, the prediction was that software companies would take over the economy and disrupt all industries. The economic prediction has mostly come true, with 9 out of 10 of the most highly valued companies being tech companies. The industry disruption didn't materialize in some cases, and outright failed in others. Healthcare seems to be one of these 'disruption-resistant' areas. Ed joins us today to discuss why that might be, and what the paths towards securing the healthcare industry might look like.

Segment Resources: Ed's podcast, Risk Never Sleeps

We get a visit from Tanya Janca to discuss her latest book, Alice and Bob Learn Secure Coding!

Segment Resources:
  • Tanya's latest book on Amazon
  • Tanya's previous book, Alice and Bob Learn Application Security on Amazon
  • Tanya's website, She Hacks Purple

This week, in the enterprise security news, we've got some funding and acquisitions!
  • ransomware payments are DOWN 35%
  • infostealers on Macs are UP 101%
  • Bybit got hit by a $1.5B heist and shrugged it off
  • A SaaS report says AI is having no impact on pricing
  • Microsoft's CEO says AI is generating no value
  • Google is dropping SMS as a second factor
  • Google creates a 4th state of matter instead of fixing Teams
  • What it's like to be named “Null”

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-396

Enterprise Security Weekly (Audio)
First Do No Harm - Security Challenges in Healthcare - Ed Gaudet, Tanya Janca - ESW #396

Enterprise Security Weekly (Audio)

Mar 3, 2025, 122:30


In 2011, Marc Andreessen predicted that software would eat the world. Specifically, the prediction was that software companies would take over the economy and disrupt all industries. The economic prediction has mostly come true, with 9 out of 10 of the most highly valued companies being tech companies. The industry disruption didn't materialize in some cases, and outright failed in others. Healthcare seems to be one of these 'disruption-resistant' areas. Ed joins us today to discuss why that might be, and what the paths towards securing the healthcare industry might look like.

Segment Resources: Ed's podcast, Risk Never Sleeps

We get a visit from Tanya Janca to discuss her latest book, Alice and Bob Learn Secure Coding!

Segment Resources:
  • Tanya's latest book on Amazon
  • Tanya's previous book, Alice and Bob Learn Application Security on Amazon
  • Tanya's website, She Hacks Purple

This week, in the enterprise security news, we've got some funding and acquisitions!
  • ransomware payments are DOWN 35%
  • infostealers on Macs are UP 101%
  • Bybit got hit by a $1.5B heist and shrugged it off
  • A SaaS report says AI is having no impact on pricing
  • Microsoft's CEO says AI is generating no value
  • Google is dropping SMS as a second factor
  • Google creates a 4th state of matter instead of fixing Teams
  • What it's like to be named “Null”

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-396

Paul's Security Weekly TV
Alice and Bob Learn Secure Coding - Tanya Janca - ESW #396

Paul's Security Weekly TV

Play Episode Listen Later Mar 3, 2025 34:24


We get a visit from Tanya Janca to discuss her latest book, Alice and Bob Learn Secure Coding!
Segment Resources: Tanya's latest book on Amazon; Tanya's previous book, Alice and Bob Learn Application Security, on Amazon; Tanya's website, She Hacks Purple
Show Notes: https://securityweekly.com/esw-396

Enterprise Security Weekly (Video)
Alice and Bob Learn Secure Coding - Tanya Janca - ESW #396

Enterprise Security Weekly (Video)

Play Episode Listen Later Mar 3, 2025 34:24


We get a visit from Tanya Janca to discuss her latest book, Alice and Bob Learn Secure Coding!
Segment Resources: Tanya's latest book on Amazon; Tanya's previous book, Alice and Bob Learn Application Security, on Amazon; Tanya's website, She Hacks Purple
Show Notes: https://securityweekly.com/esw-396

Application Security PodCast
Tanya Janca -- A Secure SDLC from a Developer's Perspective

Application Security PodCast

Play Episode Listen Later Feb 26, 2025 48:54


Security expert Tanya Janca discusses her new book "Alice and Bob Learn Secure Coding" and shares insights on making security accessible to developers. In this engaging conversation, she explores how security professionals can better connect with developers through threat modeling, maintaining empathy, and creating inclusive learning environments. Tanya emphasizes the importance of system maintenance after deployment and shares practical advice on input validation, while highlighting how security teams can build better relationships with development teams by avoiding arrogance and embracing collaboration.
Tanya's new book: Alice & Bob Learn Secure Coding
Three individuals that Tanya would like to introduce to you:
Confidence Staveley https://confidencestaveley.com/
Rana Khalil https://www.linkedin.com/in/ranakhalil1
Laura Bell Main https://www.laurabellmain.com/
FOLLOW OUR SOCIAL MEDIA: ➜ Twitter: @AppSecPodcast ➜ LinkedIn: The Application Security Podcast ➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!

Breaking Badness
Zero Trust, Secure Coding & Developer Incentives: Tanya Janca on AppSec's Biggest Challenges

Breaking Badness

Play Episode Listen Later Feb 9, 2025 36:49


In this episode of Breaking Badness, we welcome back Tanya Janca, aka SheHacksPurple, to discuss her latest book, Alice and Bob Learn Secure Coding. Tanya dives deep into the fundamental principles of secure software development, the psychology behind developer incentives, and the often-overlooked importance of zero trust security.

The .NET Core Podcast
The Security Expert Speaks: Tanya Janca on Learning to Code Securely

The .NET Core Podcast

Play Episode Listen Later Jan 24, 2025 71:07


RJJ Software's Software Development Service
This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services: whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations.
Show Notes
"From the very first lesson of "Hello, World" they teach us to make insecure code. So the first thing with "Hello, World" is how to output to the screen. That is fine. But the second part of "Hello, World" is: you ask them their name, you take their name, you don't validate it, and then you say "Hello," and you reflect their name back onto the screen with no output encoding. And then you just made cross-site scripting. And right from the very first lesson, we teach everyone wrong in pretty much every language, and so as a result we end up with a lot of people doing code the wrong way. Like, universities are still teaching lots of things wrong. And so I'm hoping that this book will help."— Tanya Janca
Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie's throat infection returned, making it tough for him to record this intro.
In this episode, we welcomed Tanya Janca back to the show. This conversation marks her third appearance on the show, and a slight change in focus to Secure Coding. We talk about how developers are taught to write insecure code from day one (or "Hello, World!"), about how her new book "Alice and Bob Learn Secure Coding" could help with that, the many hours of free education and learning that Tanya has created alongside the book, and how both data scientists and academics approach software development differently to some of us developers.
"There are so many amazing security features in .NET. There's so many. Like, because I... I wrote about eight different frameworks and .NET by far had the absolute most different security features. And part of it, some of them are from Windows. Some of them are from C... because I wrote about C# and .NET. And to be quite honest, audience, I mixed them up quite a bit because, "what is specifically C#, and what is specifically .NET," got a bit confused in my brain. But I'm like, all of it's good. Do all of it."— Tanya Janca
Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.
My voice was created using Generative AI.
Supporting the Show
If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show.
Full Show Notes
The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-security-expert-speaks-tanya-janca-on-learning-to-code-securely/
Tanya's Previous Appearances: Episode 77 - Application Security with Tanya Janca; Episode 105 - More Application Security with Tanya Janca
Useful Links: Tanya's books; Tanya's newsletter; Hello, World; Don't Accept The Defaults; Semgrep; Okta; Pushing Left, Like a Boss: Part 1; Owasp; DAST (Dynamic Application Security Testing); SAST (Static Application Security Testing); Semgrep Academy (previously known as WeHackPurple Academy); Application Security Foundations Level 1; Owasp Juice Shop; OwaspHeaders.Core; Owasp Top Ten; Content-Security-Policy; Trusted Types; Jason Haddix; Retrieval-Augmented Generation (aka RAG); Posting Malicious Code as an Answer
Supporting the show: Leave a rating or review; Buy the show a coffee; Become a patron
Getting in Touch: Via the contact page; Joining the Discord
Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts; this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

No Password Required
No Password Required Podcast Special Episode - Tanya Janca

No Password Required

Play Episode Listen Later Jan 23, 2025 34:05


In this conversation, Tanya Janca discusses the importance of secure coding in the cybersecurity landscape, sharing her journey and experiences as both a developer and educator. She emphasizes the need for software developers to understand security principles, the role of OWASP in providing resources, and the challenges of balancing user experience with security measures. Tanya also highlights the significance of validation in development and the implications of implied trust in cybersecurity practices.

Breaking Badness
Tanya Janca on Secure Coding, AppSec, and Breaking Barriers in Cybersecurity

Breaking Badness

Play Episode Listen Later Jan 12, 2025 47:28


In this episode of Breaking Badness, we sit down with Tanya Janca, aka SheHacksPurple, a cybersecurity educator, and author of the best-selling book Alice and Bob Learn Application Security. Tanya shares her journey from software developer to AppSec expert, dives into the unique challenges of teaching secure coding, and discusses the impact of cybersecurity breaches on industries and individuals. From her creative teaching methods to her advocacy for change in university curriculums, Tanya offers insights that resonate with developers, educators, and security professionals alike. Discover how Tanya is paving the way for accessible AppSec education, the role of AI in secure coding, and her mission to teach security as a fundamental skill for every developer.

The Shared Security Show
Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book

The Shared Security Show

Play Episode Listen Later Dec 9, 2024 27:16


Join us for an insightful episode of the Shared Security Podcast as Tanya Janca returns for her fifth appearance. Discover the latest on her new book about secure coding, exciting updates in Application Security, and the use of AI in security. Learn how her new book goes deeper into secure coding practices, backed by her […] The post Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book appeared first on Shared Security Podcast.

Crying Out Cloud
Canadian Cybersecurity, Open Source Risks, and AppSec Insights with Tanya Janca

Crying Out Cloud

Play Episode Listen Later Nov 8, 2024 35:18


The Security Detail
Ep. 4: Application Security with Tanya Janca, head of community and education at Semgrep

The Security Detail

Play Episode Listen Later Sep 4, 2024 47:33


Application security is crucial for protecting sensitive data and ensuring the integrity and trustworthiness of software systems against cyber threats. In this episode, Tanya Janca, head of community and education at Semgrep, discusses the importance of "shifting left" in the software development lifecycle, along with the best and worst practices in DevSecOps. Tanya has been coding and working in IT for more than 25 years and is the best-selling author of the book 'Alice and Bob Learn Application Security'. You can follow Tanya on social media under the handle @SheHacksPurple.
Resources:
Semgrep website: https://semgrep.dev/
'Alice and Bob Learn Application Security': https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/B097NJSSV8
'Alice and Bob Learn Secure Coding': https://www.wiley.com/en-us/Alice+and+Bob+Learn+Secure+Coding-p-9781394171705
SheHacksPurple YouTube: https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ
SheHacksPurple website: https://shehackspurple.ca/
OWASP Global AppSec Conference: https://sf.globalappsec.org/
CISA Secure by Design: https://www.cisa.gov/securebydesign
Tanya's RSAC Talk on DevSecOps worst practices: https://www.rsaconference.com/library/Presentation/USA/2023/DevSecOps%20Worst%20Practices
RSAC Presentation: 'The End of DevSecOps?' by DJ Schleen: https://www.rsaconference.com/Library/presentation/usa/2024/the%20end%20of%20devsecops
Executive Order on Improving the Nation's Cybersecurity (SBOMs): https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

Breaking Badness
Voices from Infosec: Tanya Janca

Breaking Badness

Play Episode Listen Later Jul 10, 2024 62:49


We're thrilled Tanya Janca (aka SheHacksPurple) joined us this week on the podcast! She and Kali Fencl discuss secure guardrails, Semgrep Academy, the process of writing two books, gardening, and so much more.

Application Security PodCast
Tanya Janca -- Secure Guardrails

Application Security PodCast

Play Episode Listen Later Jul 9, 2024 64:50


Join us for a conversation with Tanya Janca, also known as SheHacksPurple, as she discusses secure guardrails, the difference between guardrails and paved roads, and how to implement both in application security. Tanya, an award-winning public speaker and head of education at Semgrep, shares her insights on creating secure software and teaching developers. Tanya also shares with us about her hobby farm and love for gardening.
Mentioned in this episode:
Tanya Janca – What Secure Coding Really Means
Tanya Janca – Mentoring Monday - 5 Minute AppSec
Tanya Janca and Nicole Becher – Hacking APIs and Web Services with DevSlop
The Expanse Series by James S.A. Corey
Alice and Bob Learn Application Security by Tanya Janca
FOLLOW OUR SOCIAL MEDIA: ➜ Twitter: @AppSecPodcast ➜ LinkedIn: The Application Security Podcast ➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!

Hacker Valley Studio
The Power of AppSec, Cyber Education, and Friendship with Tanya Janca

Hacker Valley Studio

Play Episode Listen Later Jun 26, 2024 35:21


In this episode, host Ron Eddings catches up with longtime friend Tanya Janca, Head of Education and Community at Semgrep and author of 'Alice and Bob Learn Application Security.' Tanya shares her experiences from working in the Canadian government to joining Microsoft and eventually founding WeHackPurple. Tanya talks about her new role at Semgrep, where she focuses on making application security education accessible, and the importance of building supportive communities in the tech industry.
Impactful Moments:
00:00 - Welcome
01:20 - Introducing guest, Tanya Janca
03:09 - "IDK How to Make Semgrep Rules…"
07:07 - Finding Shadow IT & Embezzlers
11:27 - Join Our Mastermind
12:09 - Becoming an AppSec Professional
15:22 - Elections CISO
18:00 - Speaking at Conferences
21:15 - Microsoft Calls Me One Day…
23:21 - Parting Ways; But Still Friends
24:30 - "Can You Train Our Devs?"
27:50 - Fairness Is Important
32:27 - Put Yourself Out There!
Links:
Connect with our guest, Tanya Janca: https://www.linkedin.com/in/tanya-janca/
Check out Semgrep Academy: https://academy.semgrep.dev/
We Hack Purple Podcast: https://wehackpurple.buzzsprout.com/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Absolute AppSec
Episode 249 w/ Tanya Janca - Secure Guardrails

Absolute AppSec

Play Episode Listen Later Jun 25, 2024


Tanya Janca (@shehackspurple on X) joins Ken Johnson (@cktricky) and Seth Law (@sethlaw) for a special episode of the Absolute AppSec podcast. Tanya is currently head of education and community at Semgrep, and is a prominent information security commentator and active contributor to improving the industry for everybody by helping spread the values of diversity, inclusion and kindness. Tanya has experience in a range of roles (startup founder, pentester, CISO, AppSec engineer, and software developer), and she's worked at major industry landmarks such as Microsoft, Adobe, and Nokia. She is an award-winning public speaker, the founder of We Hack Purple (since acquired by Semgrep), an active blogger and streamer, and has delivered hundreds of talks and trainings on 6 continents. Catch up with Tanya's multiple activities and initiatives at her website https://shehackspurple.ca

Brakeing Down Security Podcast
Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more!

Brakeing Down Security Podcast

Play Episode Listen Later Jun 1, 2024 87:18


Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec
Join the Discord! https://discord.gg/brakesec
#youtube VOD (in 1440p): https://www.youtube.com/watch?v=axQWGyd79NM
Questions and topics:
Bsides Vancouver discussion
Semgrep Community and Academy
Building communities
What are 'secure guardrails'?
Reducing barriers between security and developers
How to sell security to devs: "hey, if you want to see us less, buy/use this?" "Security is your barrier, but we have goals that we can't reach without your help." https://wehackpurple.com/devsecops-worst-practices-artificial-gates/
How are you seeing things like AI being used to help with DevOps, or is it just making things more complicated? Not just helping write code, but infrastructure Ops, software inventories, code repo hygiene, etc.?
OWASP PNW https://www.appsecpnw.org/
Alice and Bob coming next year!
Additional information / pertinent links (Would you like to know more?):
shehackpurple.ca
Semgrep (https://semgrep.dev/)
https://aliceandboblearn.com/
https://academy.semgrep.dev/ (free training)
Netflix 'paved roads': https://netflixtechblog.com/how-we-build-code-at-netflix-c5d9bd727f15
https://en.wikipedia.org/wiki/Nudge_theory
https://www.perforce.com/blog/qac/what-is-linting
https://www.youtube.com/watch?v=FSPTiw8gSEU
https://techhq.com/2024/02/air-canada-refund-for-customer-who-used-chatbot/
Show points of contact:
Amanda Berlin: @infosystir @hackershealth
Brian Boettcher: @boettcherpwned
Bryan Brake: https://linkedin.com/in/brakeb
Brakesec Website: https://www.brakeingsecurity.com
Youtube channel: https://youtube.com/@BrakeSecEd
Twitch Channel: https://twitch.tv/brakesec

No Password Required
No Password Required Podcast Episode 50 — Tanya Janca

No Password Required

Play Episode Listen Later May 28, 2024 60:44


Summary: The conversation discusses the extradition case of Julian Assange and the role of the US prison system in the decision. It also explores Tanya Janca's role at Semgrep and her passion for affordable cybersecurity education. Additionally, it touches on Tanya's experience in election security and the importance of transparency in the process. Tanya discusses her volunteer work with the Canadian government, where she helps educate students about cybersecurity. She talks about the importance of teaching young people about privacy, protecting digital devices, and understanding cyber threats. Tanya also mentions her involvement in the Cyber Titan competition and her efforts to promote cybersecurity as a career. She shares her experience writing the book 'Alice and Bob Learn Application Security' and her unique approach to making technical concepts accessible through stories and different learning styles. Tanya also talks about the importance of mentoring and how she has benefited from mentors throughout her career.
Keywords: Julian Assange, extradition, US prison system, cybersecurity education, Semgrep, election security, transparency, volunteer work, Canadian government, privacy, digital devices, cyber threats, Cyber Titan, promoting cybersecurity, career, Alice and Bob Learn Application Security, technical concepts, stories, learning styles, mentoring
Takeaways:
The extradition case of Julian Assange highlights the differences in prison systems between the US and other Western democracies.
Tanya Janca's role at Semgrep involves community management and education in the field of cybersecurity.
Affordable cybersecurity education is crucial for organizations to effectively use security tools and integrate them into their programs.
Election security requires centralization, knowledge sharing, and transparency to ensure public trust in the process.
Volunteer work with the Canadian government focuses on educating students about cybersecurity, including topics like privacy and protecting digital devices.
Promoting cybersecurity as a career is important, and initiatives like the Cyber Titan competition help engage high school students in learning about cybersecurity.
Tanya's book 'Alice and Bob Learn Application Security' uses stories and different learning styles to make technical concepts accessible.
Mentoring is valuable for personal and professional growth, and Tanya has both benefited from mentors and become a mentor herself.
Titles:
The Importance of Transparency in Election Security
Cybersecurity as a Career: The Cyber Titan Competition
The Value of Mentoring: Tanya's Experience as a Mentor and Mentee
Sound Bites:
"I am head of community and education, which is a role they made up just for me."
"They decided, I think in 2017, we need to make a task force to make sure they know cyber."
"Defenders need to understand attacks or they can't be good at defending, right? Like we're teaching them ethics as we teach them how to hack."
"Alice and Bob are going to learn secure coding this time."
Chapters:
00:00 The Extradition Case of Julian Assange
08:18 Affordable Cybersecurity Education at Semgrep
30:40 Tanya's Volunteer Work with the Canadian Government
31:35 Promoting Cybersecurity as a Career
34:02 Making Technical Concepts Accessible: 'Alice and Bob Learn Application Security'
39:45 The Value of Mentoring

Carlton Fields Podcasts
No Password Required: Education Lead at Semgrep and Former Czar for Canada's Election Security

Carlton Fields Podcasts

Play Episode Listen Later May 28, 2024 60:44


Tanya Janca, also known as SheHacksPurple, is the head of community and education at Semgrep and the best-selling author of Alice and Bob Learn Application Security. With more than 25 years of experience in coding, application security, and IT, Tanya has dedicated herself to “securing all the things.” Tanya's career journey began in the Canadian government, […]

Application Paranoia
S5EP3 - Security in the Developer Experience with Tanya Janca and New Words for 2024.

Application Paranoia

Play Episode Listen Later May 24, 2024 66:31


Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful Application Paranoia session. In this week's episode our special guest is Tanya Janca, who is helping the team discuss all things security in the development space. Tanya Janca, also known as SheHacksPurple, is the author of 'Alice and Bob Learn Application Security'. She is also the head of education and community at Semgrep! As the founder of We Hack Purple, Tanya is bringing her security training to Semgrep customers and beyond. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an Advisor for NordSec and Katilyst and the Founder of We Hack Purple, OWASP DevSlop, WoSEC, and the very popular #CyberMentoringMonday. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Secure Networks: Endace Packet Forensics Files
Episode 53: Tanya Janca - Head of Education and Community at Semgrep, Founder of WehackPurple, renowned cybersecurity expert, author and RSA Speaker.

Secure Networks: Endace Packet Forensics Files

Play Episode Listen Later Feb 29, 2024 42:43


In this episode of Secure Networks, Michael chats with Tanya Janca, aka SheHacksPurple, head of education and community at Semgrep and founder of We Hack Purple. Tanya discusses her transition from developer to security expert, the real issues behind the cybersecurity skills gap, and strategies for employee retention. She also dives into the implications of emerging technologies on security practices and the balance between automation and human expertise. Don't miss these valuable insights.
Visit Tanya's websites:
► We Hack Purple - https://wehackpurple.com/
► Semgrep - https://semgrep.dev/

The CyberWire
14 million customers and stolen data.

The CyberWire

Play Episode Listen Later Dec 18, 2023 29:18


A US mortgage company reveals major data breach. Updates from CISA. NSA provides guidance on SBOMs. MongoDB warns customers of a breach. BlackCat/ALPHV is still a market leader, but feeling competitive pressure. Reassessing the effects of Log4shell. The International Committee of the Red Cross calls for restraint in cyber warfare. Ransomware hits a cancer center. Ann Johnson, host of Microsoft Security's Afternoon Cyber Tea podcast, goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. And what can I do to make you take home this chatbot today?
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest: Host of Microsoft Security's Afternoon Cyber Tea podcast, Ann Johnson, goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. Ann's full discussion with Tanya can be heard here. You can catch Afternoon Cyber Tea every other Tuesday on your favorite podcast apps and the N2K Network.
Selected Reading:
Mr. Cooper reveals breach exposed 14.6 million clients (Cybernews)
Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment (CISA)
NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity (Security Week)
MongoDB says customer data was exposed in a cyberattack (Bleeping Computer)
ALPHV Targeting: Ransomware & Digital Extortion (ZeroFox)
A Log4Shell Retrospective - Overblown and Exaggerated (VulnCheck)
We call on States to stop turning a blind eye to the participation of civilian hackers in armed conflict (ICRC)
Seattle cancer center confirms cyberattack after ransomware gang threats (The Record)
What can I do to make you take home this chatbot today? (Mastodon)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Afternoon Cyber Tea with Ann Johnson
Beyond Basics with Tanya Janca

Afternoon Cyber Tea with Ann Johnson

Play Episode Listen Later Dec 12, 2023 37:11


Tanya Janca, head of Community and Education at Semgrep and the founder of WeHackPurple, joins Ann on this week's episode of Afternoon Cyber Tea. Tanya brings over two decades of coding and IT experience, navigating diverse landscapes from startups to tech giants like Microsoft, Adobe, and Nokia. Tanya is not just a seasoned professional; she's also the acclaimed author of 'Alice and Bob Learn Application Security,' a groundbreaking book that goes beyond the fundamentals, delving into intricate subjects such as threat modeling and security testing. She is a dynamic force in the cybersecurity community, an award-winning public speaker, and an engaging streamer, sharing her expertise through hundreds of talks and training sessions spanning six continents. Ann and Tanya unravel the layers of Tanya's journey, shedding light on the ever-evolving landscape of application security and beyond.
Resources:
View Tanya Janca on LinkedIn
View Ann Johnson on LinkedIn
Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast; The BlueHat Podcast; Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.

The Shared Security Show
Application Security Trends & Challenges with Tanya Janca

The Shared Security Show

Play Episode Listen Later Dec 4, 2023 27:03


In this episode, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of Application Security. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new role at Semgrep, which recently acquired WeHackPurple. Tanya sheds light on her decision to partner […] The post Application Security Trends & Challenges with Tanya Janca appeared first on Shared Security Podcast.

Application Security PodCast
Tanya Janca -- What Secure Coding Really Means

Application Security PodCast

Play Episode Listen Later Oct 24, 2023 48:23 Transcription Available


Tanya Janca, also known as SheHacksPurple, joins the Application Security Podcast again to discuss secure coding, threat modeling, education, and other topics in the AppSec world. With a rich background spanning over 25 years in IT, coding, and championing cybersecurity, Tanya delves into the essence of secure coding.
Tanya highlights the difference between teaching developers about vulnerabilities and teaching them the practices to avoid these vulnerabilities in the first place. Instead of focusing on issues like SQL injection, she emphasizes the importance of proactive measures like input validation and always using parameterized queries. She believes teaching developers how to build secure applications is more effective than merely pointing out vulnerabilities.
She also explains the importance of a secure system development life cycle (SDLC). Software companies often state "We take your security seriously." Tanya believes the phrase should only be used by companies that have a secure SDLC in place. Without it, the phrase is rendered meaningless.
Discussing the intersection of coding and threat modeling, Tanya shares personal anecdotes that underscore the need to view systems with a critical eye, always anticipating potential vulnerabilities and threats. She recounts her initial reactions during threat modeling sessions, where she is surprised by the myriad ways applications can be exploited.
One of her most crucial takeaways for developers is the principle of distrust and verification. Tanya stresses that when writing code, developers should not trust any input or connection blindly. Everything received should be validated to ensure its integrity and safety. This practice, she believes, not only ensures the security of applications but also makes the lives of incident responders easier.
Toward the end of the podcast, Tanya recommends "This is How They Tell Me the World Ends," which offers a deep dive into the zero-day industry. She lauds the book for its meticulous research and compelling narrative. The episode wraps up with Tanya encouraging listeners to stay connected with her work and to anticipate her upcoming book.
Links:
Alice and Bob Learn Application Security by Tanya Janca: https://www.wiley.com/en-us/Alice+and+Bob+Learn+Application+Security-p-9781119687405
This is How They Tell Me the World Ends by Nicole Perlroth: https://thisishowtheytellmetheworldends.com/
WeHackPurple: https://wehackpurple.com/
FOLLOW OUR SOCIAL MEDIA: ➜ Twitter: @AppSecPodcast ➜ LinkedIn: The Application Security Podcast ➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!

We Hack Purple Podcast
Episode 81 with Diana Kelley

We Hack Purple Podcast

Play Episode Listen Later Sep 10, 2023 46:50


In episode 81 of the We Hack Purple Podcast host Tanya Janca spoke to Diana Kelley, Chief Information Security Officer (CISO) at Protect AI. Diana and Tanya worked together at Microsoft, and to say that Diana is a pillar of the information security industry is somewhat of an understatement. Together they discussed problems with Large Language Models (LLMs) ingesting crappy code and bad licenses, the OSSF (and its goodness), and that sometimes people don't even realize they are breaking software licences when they use what an LLM has produced.
We discussed the fact that if a CVE comes out for a library an LLM gave you, but the LLM didn't identify it with the correct name of the library, you wouldn't receive notifications about it. She clarified how ML pipelines are set up and how data scientists work, with insecure Jupyter laptops all over the place (perhaps a generalization on my part). We discussed how data science seems to be a topic a lot of CISOs are pretending isn't in their domain to protect, but both of us agreed that is not so: they have some of the most valuable data your organization can possess.
We also covered best practices for ML security (MLSec), the OWASP Top Ten for LLMs, and the new free community her company has started, MLSecOps. She also released an updated version of her book, Practical Cybersecurity Architecture.
Diana's Links:
Diana on LinkedIn
https://www.wicys.org/ (of course!)
https://mlsecops.com/
OSS Jupyter Notebook scanner here: https://nbdefense.ai/
https://protectai.com/
Her book: https://www.packtpub.com/product/practical-cybersecurity-architecture-second-edition/9781837637164
Bio: Diana Kelley is the Chief Information Security Officer (CISO) for Protect AI. She also serves on the boards of Cyber Future Foundation, WiCyS, and The Executive Women's Forum (EWF). Diana was Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), a Manager at KPMG, CTO and co-founder of SecurityCurve, and Chief vCISO at SaltCybersecurity.
Very special thanks to our sponsor! Semgrep Supply Chain's reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable. Get Your Free Trial Here! Semgrep also makes a ludicrously fast static analysis tool. They have a free and paid version of this tool, which uses an open-source engine and offers additional community-created rulesets. Check out Semgrep Code HERE

We Hack Purple Podcast
We Hack Purple Podcast Episode 80 with Ray Leblanc
Jul 25, 2023, 47:36


In episode 80 of the We Hack Purple Podcast, host Tanya Janca brings on her long-time friend Ray Leblanc of the 'Hella Secure' blog. You may remember him from several Alice and Bob Learn streams, or from his cutting sarcasm on social media.

Ray and Tanya discussed what they always discuss: AppSec. They compared AppSec responsibility versus business responsibility, how to "put it down" at the end of the day in order to avoid burnout, and whether 'perhaps Tanya should learn to stay in her lane?' We covered what happens when bug fixes don't get merged and released, the first year of the brand new conference which focuses only on Threat Modelling (ThreatModCon), and that Tanya will be Adam Shostack's teaching assistant for his course that is part of OWASP Global AppSec the first week of November (get tickets here). Although Ray professes to be bad at threat modelling on the podcast, if you follow any of his work you know that's absolutely untrue, and Tanya teases him accordingly about it.

Ray's Links:
https://www.hella-secure.com/
https://twitter.com/Raybeorn
https://www.linkedin.com/in/raymondlleblanc/

Very special thanks to our sponsor, Semgrep!

Join We Hack Purple! Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community: a fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

We Hack Purple Podcast
We Hack Purple Podcast Episode 79 with Isabelle Mauny
Jul 5, 2023, 58:24


In episode 79 of the We Hack Purple Podcast, host Tanya Janca spoke to Isabelle Mauny, Field CTO and founder of 42Crunch! Isabelle and Tanya met way back in 2018, at an API Security workshop in Britain, having no idea they would be friends for years to come! Isabelle is extremely passionate about securing APIs, and has volunteered for several different groups and projects in order to try to steer our industry in a more secure direction, including being president of the OpenAPI group and lending her skills to the OWASP DevSlop project to fix up our Pixi app.

Together they discussed several of the challenges when creating secure APIs, including: BOLA (Broken Object Level Authorization), bots, all sorts of other broken authentication (not just object-level), verbose error messages, the fact that APIs are *not* invisible to hackers, and so much more. Isabelle covered how to have a positive security culture and build out a DevSecOps program that includes API security, what the OpenAPI protocol is, and several inspiring customer success stories. We also talked about her free IDE plugin that gives you a security score out of 100, and how on Tanya's first try at it she only got a score somewhere in the 20's to start! Of course, we also talked about the OWASP API Security Top Ten, and how that helped bring the importance of securing APIs into the mainstream, rather than an obscure thing only AppSec people like Isabelle and Tanya obsess over.

Isabelle also spoke about a webinar she will be on July 13, Mastering Secure API Development with GitHub and 42Crunch; you can sign up here: https://42crunch.com/mastering-secure-api-development-with-github-and-42crunch/

Get to know Isabelle:
Isabelle Mauny, co-founder and Field CTO of 42Crunch, is a technologist at heart. She worked at IBM, WSO2 and Vordel across a variety of roles, helping large enterprises design and implement integration solutions. At 42Crunch, Isabelle manages customer POCs, partner integrations and product training. She is a frequent speaker at conferences and a published author. Isabelle is passionate about APIs and enjoys sharing her experience in podcasts such as this one :)

Isabelle Links!
https://tools.openapis.org
https://42crunch.com/mastering-secure-api-development-with-github-and-42crunch/
https://apisecurity.io
https://github.com/isamauny/codemotion2023/blob/main/RuggedAPIs-Codemotion-2023.pdf
https://42crunch.com/blog/

Very special thanks to our sponsor, Semgrep!

We Hack Purple Podcast
We Hack Purple Podcast Episode 78 with Jason Haddix
Jun 23, 2023, 31:14


In episode 78 of the We Hack Purple Podcast, host Tanya Janca brings Jason Haddix on to talk about artificial intelligence, and (of course) how to hack it! Jason discussed how to use AI for both defence and offence, using plain (conversational) language rather than code, and what a red teaming exercise looks like for such a system. We talked about what a large language model looks like, cleaning up data, and how easy it is to get them to do bad things. Jason invited everyone to the AI Village at Def Con this year, and so much more! There was also much love for Daniel Miessler, his articles on AI, and his newsletter Unsupervised Learning (https://danielmiessler.com/newsletter/). Listen to hear the whole thing!

Jason Haddix AKA jhaddix is the CISO and "Hacker in Charge" at BuddoBot, a world-class adversary emulation and red teaming consultancy. He's had a distinguished 18-year career in cybersecurity, previously serving as the CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason is a hacker, bug hunter and currently ranked 51st all-time on Bugcrowd's bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies.

Jason Links!
https://buddobot.com/
https://twitter.com/BuddoBot
https://www.linkedin.com/company/buddobot/mycompany/
https://twitter.com/Jhaddix
https://www.jhaddix.com/
https://www.linkedin.com/in/jhaddix/
Jason's Newsletter: https://executiveoffense.beehiiv.com/
Jason's training happening in July: https://tbhmlive.com/

Very special thanks to our sponsor, Semgrep!

Join We Hack Purple! Check out our brand new courses in We Hack Purple Academy (https://academy.wehackpurple.com/). Join us in the We Hack Purple Community (https://community.wehackpurple.com/): a fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to 

We Hack Purple Podcast
We Hack Purple Podcast Episode 77 with Brendan Sheairs
Jun 14, 2023, 40:58


In episode 77 of the We Hack Purple Podcast, host Tanya Janca chats with Brendan Sheairs about her latest obsession: security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic. We covered a lot in this episode, including:

• What the heck are security champions? Why would someone want them?
• You need building blocks
  ◦ Must haves: goals! Who will run it! What problem are they solving?
• What is the business goal or objective? You need a justification to do this!
• Getting buy-in to be allowed to build a program
• Having fewer bugs in production
• Morale? Are they happier? Are they missing less work?
• Biggest challenge: time commitment for champions, and then no one is allowed to work on it
• You need top-down buy-in, but then the work happens bottom-up
• 10% for champions: what does this mean? What can it look like?
• Conflicts of interest or alignment with other important things like deadlines and bonuses
• Motivations: career advancement and financial
• Things we can do to motivate champions
• What does a good program look like?
• Is someone leading the program? Someone needs to be responsible for the program, or it will, for sure, fall apart

Want More Brendan? Here you go!
• https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7064622406937538560-bR59/
• https://www.synopsys.com/blogs.html
• https://www.linkedin.com/feed/update/urn:li:activity:7067122079698931714/
• https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7051901776257503232--Az7?utm_source=share&utm_medium=member_desktop

Very special thanks to our sponsor, Semgrep!
Get Your Free Trial Here! https://semgrep.dev/products/semgrep-supply-chain
Check out Semgrep Code HERE (https://semgrep.dev/products/semgrep-code/).

Join We Hack Purple!

The CyberWire
Tanya Janca: Find a community who supports you. [CEO] [Career Notes]
Mar 26, 2023, 9:56


Tanya Janca, CEO and Founder of We Hack Purple, sits down to talk about her exciting path into the field of cybersecurity. Trying several different paths in high school, she soon found she was good at computer science. When it came to picking a college, she knew that was the field she wanted to get into. After college, she was able to use her skills to work at a couple of different organizations, eventually getting into the Canadian government. While there, she held the position of CISO for the Canadian election in 2015 when Justin Trudeau was elected, but she knew she wanted to try something new. She switched from programming to security and after working at Microsoft as a presenter, she eventually found that she wanted to start her own company, saying "at first it was just me presenting, but now we have community members present to each other and it's just been really beautiful to see that grow." She hopes that with her and her community's help, nobody is left feeling unsafe when it comes to being online.

Ask A CISO
Exploring the Challenges of Application Security
Mar 15, 2023, 51:27


In this episode, we talk about application security with guest Tanya Janca. Hear our discussion on the tension between authentication and authorization, the prevalence of API security flaws, the upcoming open comment period for the new version of the OWASP Top Ten, and the inadequacy of API security measures. We also discussed the importance of designing an effective security program for companies in different industries, the differences between CSPM and CASB, the use of tools, and the importance of keeping up with updates.

Read the associated short blog on Application Security: https://www.horangi.com/blog/exploring-the-challenges-of-application-security

About Horangi Cybersecurity:
More information about the Ask A CISO podcast: https://www.horangi.com/resources/ask-a-ciso-podcast
About Horangi Cyber Security: https://www.horangi.com

About the Guest:
Tanya's LinkedIn: https://www.linkedin.com/in/tanya-janca/
SheHacksPurple: https://shehackspurple.ca/

Get Tanya's book here: https://a.co/d/cY33RL0

.NET Rocks!
Alice and Bob Learn App Security with Tanya Janca
Jan 5, 2023, 57:49


How do we learn about application security? Carl and Richard talk to Tanya Janca about her book 'Alice and Bob Learn Application Security.' Tanya talks about bringing positive conversations around security, enabling people to get work done while being secure. Software developers are now targets for the black hats because they often have super-user accounts and aren't following security practices as closely as others. Building secure software means developing it in a secure context - it takes practice, but is the best way to succeed in making secure software!

.NET Rocks!
Alice and Bob Learn App Security with Tanya Janca
Jan 5, 2023, 58:00


How do we learn about application security? Carl and Richard talk to Tanya Janca about her book 'Alice and Bob Learn Application Security.' Tanya talks about bringing positive conversations around security, enabling people to get work done while being secure. Software developers are now targets for the black hats because they often have super-user accounts and aren't following security practices as closely as others. Building secure software means developing it in a secure context - it takes practice, but is the best way to succeed in making secure software!

The CyberWire
DPRK cyber ops. Poland warns of Russian cyber activity. Twitter's data incident. A crypto trading exchange is rifled. Ransomware shuts down the Port of Lisbon. Small business opportunities.
Jan 3, 2023, 28:32


Recent DPRK cyber operations: spying and theft. Twitter's data incident. 3Commas breached. Poland warns of increased Russian offensive cyber activity. Port of Lisbon hit by ransomware. DHS announces SBIR topics. New additions to the Known Exploited Vulnerabilities Catalog. Ben Yelin on the legal conundrum of AI generated code. Our guest is Tanya Janca from She Hacks Purple with insights on API security. And, news flash! LockBit says they have a conscience. (Yeah, right.)

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/1

Selected reading.
Recent DPRK cyber operations: spying and theft. (CyberWire)
Twitter targeted in extortion hack. (CyberWire)
3Commas' API compromised. (CyberWire)
Russian cyberattacks (Special Services)
LockBit activity over the holidays. (CyberWire)
CISA Adds Two Known Exploited Vulnerabilities to Catalog (CISA)
DHS Small Business Innovation Research (SBIR) Program FY23 Solicitation (SAM.gov)
The SBIR and STTR Programs. (SBIR/STTR)