Sign up to save your podcasts
Or
Share The Security Expert Speaks: Tanya Janca on Learning to Code Securely
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Security Expert Speaks: Tanya Janca on Learning to Code Securely
RJJ Software's Software Development Service
This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations.
Show Notes"From the very first lesson of "Hello, World" they teach us to make insecure code. So the first thing with "Hello, World" is how to output to the screen. That is fine. But the second part of "Hello, World" is: you ask them their name, you take their name. you don't validate it, and then you say "Hello," and you reflect their name back onto the screen with no output encoding. And then you just made cross-site scripting. And right from the very first lesson, we teach everyone wrong in pretty much every language, and so as a result we end up with a lot of people doing code the wrong way. Like, universities are still teaching lots of things wrong. And so I'm hoping that this book will help."— Tanya Janca
Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie's throat infection returned, making it tough for him to record this intro.
In this episode, we welcomed Tanya Janca back to the show. This conversation marks her third appearance on the show, and a slight change in focus to Secure Coding. We talk about how developers are taught to write insecure code from day one (or "Hello, World!"), about how her new book "Alice and Bob Learn Secure Coding" could help with that, the many hours of free education and learning that Tanya has created alongside the book, and how both data scientists and academics approach software development differently to some of us developers.
"There are so many amazing security features in .NET. There's so many. Like, because I... I wrote about eight different frameworks and .NET by far had the absolute most different security features. And part of it, some of them are from Windows. Some of them are from C... because I wrote about C# and .NET. And to be quite honest, audience, I mixed them up quite a bit because, "what is specifically C#, and what is specifically .NET," got a bit confused in my brain. But I'm like, all of it's good. Do all of it"— Tanya Janca
Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.
My voice was created using Generative AI.
Supporting the ShowIf you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show.
Full Show NotesThe full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-security-expert-speaks-tanya-janca-on-learning-to-code-securely/
Tanya's Previous Appearances:- Episode 77 - Application Security with Tanya Janca
- Episode 105 - More Application Securuty with Tanya Janca
- Tanya's books
- Tanya's newsletter
- Hello, World
- Don't Accept The Defaults
- Semgrep
- Okta
- Pushing Left, Like a Boss: Part 1
- Owasp
- DAST (Dynamic Application Security Testing)
- SAST (Static Application Security Testing)
- Semgrep Academy (previously known as WeHackPurple Academy)
- Application Security Foundations Level 1
- Owasp Juice Shop
- OwaspHeaders.Core
- Owasp Top Ten
- Content-Security-Policy Trusted Types
- Jason Haddix
- Retrieval-Augmented Generation (aka RAG)
- Posting Malicious Code as an Answer
- Leave a rating or review
- Buy the show a coffee
- Become a patron
- Via the contact page
- Joining the Discord
Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend.
And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch.
You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.
View all episodes
By Jamie Taylor
4.6
3333 ratings
RJJ Software's Software Development Service
This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations.
Show Notes"From the very first lesson of "Hello, World" they teach us to make insecure code. So the first thing with "Hello, World" is how to output to the screen. That is fine. But the second part of "Hello, World" is: you ask them their name, you take their name. you don't validate it, and then you say "Hello," and you reflect their name back onto the screen with no output encoding. And then you just made cross-site scripting. And right from the very first lesson, we teach everyone wrong in pretty much every language, and so as a result we end up with a lot of people doing code the wrong way. Like, universities are still teaching lots of things wrong. And so I'm hoping that this book will help."— Tanya Janca
Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie's throat infection returned, making it tough for him to record this intro.
In this episode, we welcomed Tanya Janca back to the show. This conversation marks her third appearance on the show, and a slight change in focus to Secure Coding. We talk about how developers are taught to write insecure code from day one (or "Hello, World!"), about how her new book "Alice and Bob Learn Secure Coding" could help with that, the many hours of free education and learning that Tanya has created alongside the book, and how both data scientists and academics approach software development differently to some of us developers.
"There are so many amazing security features in .NET. There's so many. Like, because I... I wrote about eight different frameworks and .NET by far had the absolute most different security features. And part of it, some of them are from Windows. Some of them are from C... because I wrote about C# and .NET. And to be quite honest, audience, I mixed them up quite a bit because, "what is specifically C#, and what is specifically .NET," got a bit confused in my brain. But I'm like, all of it's good. Do all of it"— Tanya Janca
Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.
My voice was created using Generative AI.
Supporting the ShowIf you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show.
Full Show NotesThe full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-security-expert-speaks-tanya-janca-on-learning-to-code-securely/
Tanya's Previous Appearances:- Episode 77 - Application Security with Tanya Janca
- Episode 105 - More Application Securuty with Tanya Janca
- Tanya's books
- Tanya's newsletter
- Hello, World
- Don't Accept The Defaults
- Semgrep
- Okta
- Pushing Left, Like a Boss: Part 1
- Owasp
- DAST (Dynamic Application Security Testing)
- SAST (Static Application Security Testing)
- Semgrep Academy (previously known as WeHackPurple Academy)
- Application Security Foundations Level 1
- Owasp Juice Shop
- OwaspHeaders.Core
- Owasp Top Ten
- Content-Security-Policy Trusted Types
- Jason Haddix
- Retrieval-Augmented Generation (aka RAG)
- Posting Malicious Code as an Answer
- Leave a rating or review
- Buy the show a coffee
- Become a patron
- Via the contact page
- Joining the Discord
Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend.
And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch.
You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.
More shows like The Modern .NET Show
View all
Hanselminutes with Scott Hanselman
378 Listeners
Software Engineering Radio - the podcast for professional software developers
262 Listeners
.NET Rocks!
246 Listeners
The Changelog: Software Development, Open Source
285 Listeners
Thoughtworks Technology Podcast
43 Listeners
Software Engineering Daily
629 Listeners
Go Time: Golang, Software Engineering
128 Listeners
Merge Conflict
89 Listeners
JS Party: JavaScript, CSS, Web Development
92 Listeners
Syntax - Tasty Web Development Treats
986 Listeners
CoRecursive: Coding Stories
185 Listeners
Adventures in .NET
6 Listeners
The Stack Overflow Podcast
63 Listeners
The Real Python Podcast
137 Listeners
The Unhandled Exception Podcast
2 Listeners