#175 Tanya Janca, Secure Coding
Jan 7, 2025
In this engaging discussion, Tanya Janca, Head of Community at Semgrep and security trainer at She Hacks Purple, shares insights from her new book aimed at helping developers write secure code. She emphasizes the critical importance of validating inputs and adopting a zero-trust security model. Tanya discusses balancing security with usability, especially in sensitive environments like hospitals. She also explores effective strategies for securing legacy applications and the need for continuous security testing in the software development lifecycle.
AI Snips
Book Focus and Content
- Tanya Janca's new book, "Alice and Bob Learn Secure Coding," targets developers, not security professionals.
- It covers the top 10 programming languages and 8 frameworks, focusing on web frameworks due to increased internet connectivity and threats.
Defensive Approach to Secure Coding
- Tanya Janca's book focuses on defenses against vulnerabilities rather than individual vulnerabilities.
- This approach simplifies learning secure coding by addressing multiple vulnerabilities with fewer techniques.
Validate and Sanitize Input
- Validate and sanitize every input to your system to prevent vulnerabilities like cross-site scripting and injection.
- Reject unexpected inputs instead of trying to fix them, using allow lists rather than block lists.
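The two bullets above describe the approach; the following is an added Python example written for these notes, not code from Tanya Janca's book, from Semgrep, or from the episode. It validates three constructed input fields (a username, a sort key, a port) against allow lists and rejects anything that does not match rather than trying to repair it, and it sets a block-list scrubber alongside for contrast to show why the notes prefer allow lists. Field names, patterns, and allowed values are assumptions made up for the example.

```python
"""Allow-list input validation that rejects unexpected input instead of fixing it.

Illustrative example written for these episode notes; not from the book or from
Semgrep. Field names and allowed values are constructed for the demonstration.
"""
import re

# Allow list for a username: 3 to 32 characters drawn from a fixed alphabet.
# Anything outside this shape is rejected, not trimmed or re-encoded.
USERNAME_RE = re.compile(r"\A[a-z0-9_-]{3,32}\Z")

# Allow list for an enumerated field: the only sort keys the (hypothetical) app knows.
ALLOWED_SORT_KEYS = frozenset({"created", "name", "size"})


class ValidationError(ValueError):
    """Raised when an input fails its allow list; the caller rejects the request."""


def validate_username(raw: str) -> str:
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValidationError("username: unexpected characters or length")
    return raw


def validate_sort_key(raw: str) -> str:
    # Exact membership, case-sensitive: "NAME" is not "name", so it is rejected.
    if raw not in ALLOWED_SORT_KEYS:
        raise ValidationError(f"sort: {raw!r} is not a known sort key")
    return raw


def validate_port(raw: str) -> int:
    # Check the lexical shape first, then the numeric range, then convert.
    # The raw string is never handed on; only the checked integer is.
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,5}", raw):
        raise ValidationError("port: digits only")
    port = int(raw)
    if not 1 <= port <= 65535:
        raise ValidationError("port: out of range")
    return port


# Block-list approach shown for contrast: it tries to "fix" the input by deleting
# fragments it has been told about, so any spelling the list does not name passes.
BLOCKED_FRAGMENTS = ("<script", "javascript:")


def blocklist_scrub(raw: str) -> str:
    out = raw
    for frag in BLOCKED_FRAGMENTS:
        out = out.replace(frag, "")
    return out


def check(fn, value):
    """Return (accepted, result_or_message) so outcomes can be compared side by side."""
    try:
        return True, fn(value)
    except ValidationError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for v in ["alice_01", "Alice", "al", "a" * 33, "bob;drop"]:
        print("username", repr(v), check(validate_username, v))
    for v in ["name", "NAME", "name; --"]:
        print("sort", repr(v), check(validate_sort_key, v))
    for v in ["443", "70000", "8o80"]:
        print("port", repr(v), check(validate_port, v))
    # The block list catches the spelling it knows and leaves a case variant untouched;
    # the allow-list validators above never have this gap because they describe what
    # is acceptable rather than what is not.
    print(repr(blocklist_scrub("<script>x")), repr(blocklist_scrub("<SCRIPT>x")))
```

The pattern worth copying is the shape of each validator: decide the exact set of acceptable values up front, compare against that set, and convert to the target type only after the check passes. The block-list scrubber is there to show the failure mode the notes warn about, not as a fallback to use.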