#170 Tanya Janca, Building Security Into Software

January 31, 2023 01:09:02 66.28 MB

Summary

Tanya Janca talks about fixing your developer process so that security is part of the life cycle.

Details

Who she is, what she does. Becoming a penetration tester. Being a developer advocate. Adding security at the end of the software development life cycle; people wish there were a silver bullet for security. "We're secure, we don't need to test our security." Security should start at the project kickoff. Who owns security, the devs or the security team; getting authority and responsibility. Choosing what to fix: likelihood, potential losses, cost. Security stories during development iterations. Security gets in the way. Feature switches to turn off security in dev environments. Negotiating about what to fix; working around the process. Should security programming be a specialty? Don't build a tool if you can buy it. Copy-pasting your way into trouble; Stack Overflow has a security section now; a team to build core security tools. Buying services for authentication/authorization. Communicating with other applications. Why no HTTPS. Why encryption at rest when data is in the cloud. Security testing: static analysis, dependency vulnerabilities, dynamic analysis. Security tools.

Support this podcast

Full show notes
@SheHacksPurple
SheHacksPurple
Tanya's music
We Hack Purple
Why No HTTPS
Other Security Podcast Episodes