no dogma podcast

#175 Tanya Janca, Secure Coding

Jan 7, 2025
In this engaging discussion, Tanya Janca, Head of Community at Semgrep and security trainer at She Hacks Purple, shares insights from her new book aimed at helping developers write secure code. She emphasizes the critical importance of validating inputs and adopting a zero-trust security model. Tanya discusses balancing security with usability, especially in sensitive environments like hospitals. She also explores effective strategies for securing legacy applications and the need for continuous security testing in the software development lifecycle.
ANECDOTE

Book Focus and Content

  • Tanya Janca's new book, "Alice and Bob Learn Secure Coding," targets developers, not security professionals.
  • It covers the top 10 programming languages and 8 frameworks, focusing on web frameworks due to increased internet connectivity and threats.
INSIGHT

Defensive Approach to Secure Coding

  • Tanya Janca's book focuses on defenses against vulnerabilities rather than individual vulnerabilities.
  • This approach simplifies learning secure coding by addressing multiple vulnerabilities with fewer techniques.
ADVICE

Validate and Sanitize Input

  • Validate and sanitize every input to your system to prevent vulnerabilities like cross-site scripting and injection.
  • Reject unexpected inputs instead of trying to fix them, using allow lists rather than block lists.
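The "reject, don't repair" advice above, shown as an added example (not code from the book or the episode): a block-list sanitizer that tries to fix input next to an allow-list validator that simply rejects it. The username rule and the constructed inputs are assumptions for illustration.

```python
import re

# Block-list "sanitizer": strips one known-bad tag and hands the rest back.
# Included only to show why repairing input is fragile: removing the inner
# "<script>" from "<scr<script>ipt>" reassembles the very tag it tried to strip.
def blocklist_sanitize(value: str) -> str:
    return re.sub(r"(?i)<script>", "", value)


# Allow-list validator (assumed rule): a username is 3..32 characters drawn
# only from letters, digits, '.', '_' and '-'. Anything else is rejected,
# never repaired, so there is no partial-fix output for an attacker to probe.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{3,32}")


def validate_username(value: str) -> str:
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("rejected: username does not match the allow list")
    return value


def is_valid_username(value: str) -> bool:
    try:
        validate_username(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["alice_01", "ab", "<script>", "<scr<script>ipt>"]:
        print(f"{sample!r}: sanitized={blocklist_sanitize(sample)!r} "
              f"allowed={is_valid_username(sample)}")
```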