
Software Engineering Radio - the podcast for professional software developers
SE Radio 658: Tanya Janca on Secure Coding
Mar 6, 2025
In this discussion, Tanya Janca, author of 'Alice and Bob Learn Secure Coding' and a leading voice in application security, shares her insights on integrating security throughout the software development lifecycle. She emphasizes the importance of defining security requirements early and using threat modeling in design. Tanya details secure coding practices, effective testing strategies like SAST and DAST, and the necessity of continuous security monitoring post-deployment. With a focus on practical techniques and real-world examples, she guides developers on enhancing software security.
AI Snips
Secure SDLC Overview
- Secure SDLC integrates security into every phase of development.
- Include security requirements, threat modeling, and secure coding practices.
Defining Security Requirements
- Define security requirements based on technology, policy, and sensitivity.
- Collaborate with security teams for specific requirements and risk assessment.
Threat Modeling
- Threat modeling identifies design flaws by brainstorming potential threats.
- Consider 'evil brainstorming' and focus on what could go wrong with the system.





