#170 Tanya Janca, Building Security Into Software

Summary Tanya Janca talks about fixing your developer process so that security is part of the life cycle. Details Who she is, what she does. Becoming a penetration tester. Being a developer advocated. Adding security at the end of the software development life cycle; people wish there was a silver bullet for security. "We're secure, we don't need to test our security". Security should start at the project kickoff. Who owns security, the devs or the security team; getting authority and responsibility. Choosing what to fix; likelihood, potential losses, cost. Security stories during development iterations. Security gets in the way. Feature switches to turn off security in dev environments. Negotiating about what to fix; working around the process. Should security programming be a specialty. Don't build a tool if you can buy it. Copy pasting your way into trouble; Stack Overflow has a security section now; team to build core security tools. Buying services for authentication/authorization. Communicating with other applications. Why no HTTPS. Why encryption at rest when data is in the cloud. Security testing - static analysis, dependencies vulnerabilities, dynamic analysis. Security tools. Support this podcast Full show notes @SheHacksPurple SheHacksPurple Tanya's music We Hack Purple Why No HTTPS Other Security Podcast Episodes

You can listen to #170 Tanya Janca, Building Security Into Software online on Radio and Podcast. Open the player on this page to stream the available audio.

#170 Tanya Janca, Building Security Into Software is an episode from no dogma podcast by no dogma podcast.

This episode is 01:09:02 long.

This episode was published on Feb 1, 2023.

Yes. Use the heart button on the episode page to add it to your favorite episodes list.

Yes. This page shows related episodes from no dogma podcast when more episodes are available from the podcast feed.