The Security Ledger Podcasts / Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple

Description

Tanya Janca of the group We Hack Purple talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code.

Summary


In this Security Ledger Podcast interview from earlier this year, Tanya Janca of the group We Hack Purple (now part of Semgrep) talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code.



[Video Podcast] | [MP3] | [Transcript]
Editor’s note: since this conversation with Tanya was recorded, We Hack Purple has been acquired by Semgrep, where Tanya Janca is now the Head of Community and Education.



One of the thorny problems facing modern development organizations is the gap between their development and application security teams. In many organizations, application development happens separately from application security testing, including pen testing, red teaming and the like. That can create bad dynamics, with appsec teams playing the role of gatekeepers and finger-wagging disciplinarians rather than collaborators.



Tanya Janca is the founder of We Hack Purple and the Head of Education and Community at Semgrep!


Hacking Purple to Bridge The Dev-AppSec Divide



Our guest this week, Tanya Janca, set out to bridge those divides. The founder of the group We Hack Purple (recently acquired by Semgrep), Tanya is a skilled developer and experienced pen tester/red teamer who has always taken it as her mission not just to identify security weaknesses in applications, but also to work constructively with development teams to address those weaknesses and to build the secure coding skills and habits that stop the same mistakes from being made time and again. The organization she founded, We Hack Purple, offers courses for developers to learn core application security concepts and skills, and hosts discussion groups where developers can seek help from the community on a range of issues. (Tanya also hosts her own podcast, which you can check out here.)

DevSecOps Teams’ Worst Security Fails



In this conversation, which was recorded ahead of the RSA Conference back in April, I asked Tanya to dig into the details of a talk she was giving on “DevSecOps Worst Practices.” The talk was based on her experience advising development and DevOps teams, and covered mistakes like failing to tune your testing tools and breaking builds under a tsunami of “false positives.”

Tanya and I also talk about some of the bigger threats to application security. Among them: threats and attacks on open source software supply chains and a “tragedy of the commons” playing out in the open sour...

Subtitle
Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on
Duration
32:48
Publishing date
2023-10-04 12:01
Link
https://feeds.feedblitz.com/~/797526818/0/thesecurityledger~Episode-DevSecOps-Worst-Practices-With-Tanya-Janca-of-We-Hack-Purple/
Contributors
Paul F. Roberts (author)
Enclosures
https://feeds.feedblitz.com/-/797526815/0/thesecurityledger.mp3
audio/mpeg

Shownotes

Tanya Janca of the group We Hack Purple talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code.