Software Engineering Radio - the podcast for professional software developers

SE Radio 658: Tanya Janca on Secure Coding

Mar 6, 2025
In this discussion, Tanya Janca, author of 'Alice and Bob Learn Secure Coding' and a leading voice in application security, shares her insights on integrating security throughout the software development lifecycle. She emphasizes the importance of defining security requirements early and using threat modeling in design. Tanya details secure coding practices, effective testing strategies like SAST and DAST, and the necessity of continuous security monitoring post-deployment. With a focus on practical techniques and real-world examples, she guides developers on enhancing software security.
ADVICE

Least Privilege and Usable Security

  • Grant users only necessary permissions, following the principle of least privilege.
  • Design security features to be user-friendly to encourage secure choices.
INSIGHT

Implied Trust in Systems

  • Humans are naturally trusting, which can be exploited in system design.
  • Validate all input and verify connections to prevent vulnerabilities.
ANECDOTE

Examples of Exploited Trust

  • SQL injection exploits trust by concatenating user input directly into queries.
  • MFA fatigue, where users approve prompts due to exhaustion, also exemplifies this.
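The SQL injection point above, as an added illustration that is not from the episode or the book: the same lookup written once with trusted, concatenated input and once with a bound parameter, run against a constructed in-memory SQLite table.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the episode).
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_trusting(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the caller trusts the input and splices it into the SQL text,
    so any quote characters it carries become part of the statement's structure."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, name: str) -> list:
    """Fixed: the statement shape is decided up front and the input travels as a
    bound value, so it can only ever be compared against the name column."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo() -> dict:
    """Run both lookups on two inputs and collect what each one returns."""
    conn = make_db()
    # A legitimate name containing a quote: concatenation cannot even handle this.
    quoted_name = "O'Brien"
    # A constructed input whose quote turns the concatenated WHERE clause into a tautology.
    tautology = "' OR '1'='1"
    results = {
        "parameterised_quoted": lookup_parameterised(conn, quoted_name),
        "parameterised_tautology": lookup_parameterised(conn, tautology),
        "trusting_tautology": lookup_trusting(conn, tautology),  # returns every row
    }
    try:
        lookup_trusting(conn, quoted_name)
        results["trusting_quoted_error"] = None
    except sqlite3.Error as exc:  # the spliced quote breaks the statement
        results["trusting_quoted_error"] = str(exc)
    return results
```

The parameterised lookup treats both inputs as plain strings to match against and returns nothing, while the concatenated one either errors on an ordinary apostrophe or hands back the whole table.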