Darknet Diaries

165: Tanya

Nov 4, 2025
Tanya Janca, a renowned AppSec expert and founder of We Hack Purple, shares gripping tales from her cybersecurity journey. She vividly recounts how a single SQL injection changed her career and describes her first penetration testing experiences. Tanya reveals an incident where exploratory inputs crashed a production server and led to a significant data leak. She discusses her role in incident response and the importance of training help desk teams in recognizing security threats. Her passion for secure coding inspires developers to prioritize cybersecurity.
ANECDOTE

Security Policy Hidden From Staff

  • Jack tested his NOC technicians by giving them 15 minutes to find the company's security policy and none could locate it.
  • The policy was buried and poorly named in SharePoint, showing auditors' checks don't ensure employee awareness.
ANECDOTE

Pen Test That Crashed Production

  • Tanya learned Burp Suite and during a supervised pen test found server-side request forgery that crashed production.
  • Her unexpected exploit deleted and corrupted the client's production data, prompting anger from her boss.
INSIGHT

Blind SQLi Explains Strange Logs

  • A Pastebin sample revealed exfiltrated government data that appeared unclassified but included non-public record IDs.
  • Blind SQL injection can leak database contents one boolean answer at a time, explaining the odd log patterns.