This book offers a refreshing approach to secure coding by using analogies, stories of the characters Alice and Bob, real-life examples, technical explanations, and diagrams. It covers secure coding in popular languages like Python, Java, JavaScript, C/C++, SQL, C#, PHP, and more, as well as security for frameworks such as Angular, .Net, and React. The book includes topics on security best practices for APIs, mobile, web sockets, serverless, IoT, and service mesh, major vulnerability categories, the Secure System Development Life Cycle, threat modeling, testing, and code review. It is designed for a diverse audience, including software developers of all levels, budding security engineers, software architects, and application security professionals.
RJJ Software's Software Development Service
This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations.
Show Notes
"From the very first lesson of "Hello, World" they teach us to make insecure code. So the first thing with "Hello, World" is how to output to the screen. That is fine. But the second part of "Hello, World" is: you ask them their name, you take their name. you don't validate it, and then you say "Hello," and you reflect their name back onto the screen with no output encoding. And then you just made cross-site scripting. And right from the very first lesson, we teach everyone wrong in pretty much every language, and so as a result we end up with a lot of people doing code the wrong way. Like, universities are still teaching lots of things wrong. And so I'm hoping that this book will help."— Tanya Janca
Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie's throat infection returned, making it tough for him to record this intro.
In this episode, we welcomed Tanya Janca back to the show. This conversation marks her third appearance on the show, and a slight change in focus to Secure Coding. We talk about how developers are taught to write insecure code from day one (or "Hello, World!"), about how her new book "Alice and Bob Learn Secure Coding" could help with that, the many hours of free education and learning that Tanya has created alongside the book, and how both data scientists and academics approach software development differently to some of us developers.
"There are so many amazing security features in .NET. There's so many. Like, because I... I wrote about eight different frameworks and .NET by far had the absolute most different security features. And part of it, some of them are from Windows. Some of them are from C... because I wrote about C# and .NET. And to be quite honest, audience, I mixed them up quite a bit because, "what is specifically C#, and what is specifically .NET," got a bit confused in my brain. But I'm like, all of it's good. Do all of it"— Tanya Janca
Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.
My voice was created using Generative AI.
Supporting the Show
If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show.
Full Show Notes
The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-security-expert-speaks-tanya-janca-on-learning-to-code-securely/
Tanya's Previous Appearances:
Useful Links
Supporting the show:
Getting in Touch:
Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend.
And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch.
You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.
The Modern .NET Show 