Tanya Janca, author of Alice and Bob Learn Secure Coding, discusses secure coding and the secure software development life cycle (SDLC) with host Brijesh Ammanath. This session explores how integrating security into every phase of the SDLC helps prevent vulnerabilities from slipping into production. Tanya strongly recommends defining security requirements early, and discusses the importance of threat modeling during design, secure coding practices, testing strategies such as static, dynamic, and interactive application security testing (SAST, DAST, and IAST), and the need for continuous monitoring and improvement after deployment.
This episode is sponsored by Codegate.
Show Notes
Related Episodes
- SE Radio 475: Rey Bango on Secure Coding with Veracode
- SE Radio 568: Simon Bennetts on the OWASP Dynamic Application Security Testing Tool ZAP
- SE Radio 541: Jordan Harband and Donald Fischer on Securing the Supply Chain
- SE Radio 514: Vandana Verma on the OWASP Top 10
Other References
- Book: Alice and Bob Learn Secure Coding
- Book: Alice and Bob Learn Application Security
- SheHacksPurple
- YouTube: SheHacksPurple
- Semgrep Academy – Learn to create secure software!
- Course – Building An Application Security Program – Application Security Foundations Level 1
- Secure Coding