Tanya Janca | SheHacksPurple

DevSec Station

DevSec Station is a security focused podcast for software developers who want to create amazing applications. Hosted by Tanya Janca, also known as SheHacksPurple, these short lessons will help you level up.

Autor

Tanya Janca | SheHacksPurple

Kategorie

Technology

Podcast-Website

www.devsecstation.com

Neueste Folge

1. Jul 2026

Wo hören?

Podcasts in der App Replaio Radio Bald verfügbar

Podcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts

Bei Google Play herunterladen Kostenlos installieren Android 5 Mio.+ Downloads · Bewertung 4,8 iOS bald

Folgen

Vibe Coding, Copilots, and Security Drift 01.07.2026

AI coding assistants can help developers move incredibly fast. But this new speed comes with a new challenge: security drift . This episode is sponsored by Maze . In this episode of DevSec Station, Tanya Janca explores how tools like GitHub Copilot, ChatGPT, Cursor, and other AI coding assistants can unintentionally change the security assumptions your software was built on. You'll learn what...

Secrets Management: Stop Playing Whack-a-Mole 18.06.2026

If you've ever committed an API key, password, token, certificate, or other secret to a repository, you're not alone. Most secret leaks don't happen because developers don't care about security. They happen because the easiest place to put a secret is inside the code that uses it. This episode is sponsored by Maze . In this episode of DevSec Station, Tanya Janca explains why se...

Supply Chain Is More Than Just Dependencies 04.06.2026

Most developers think software supply chain security starts and ends with dependencies. But modern supply chain attacks don't stop there. Attackers look for paths into your software, and those paths often run through developers, CI/CD systems, build tools, deployment pipelines, and other trusted parts of the software delivery process. This episode is sponsored by Maze . In this episode of Dev...

Malicious Dependencies Aren’t an Accident 21.05.2026

Malicious dependencies are not accidents. They are often intentionally designed to look trustworthy so developers install them without hesitation. In this episode of DevSec Station, Tanya Janca explains how attackers use typosquatting, dependency confusion, fake packages, and even AI-generated recommendations to compromise developer environments and steal credentials.  This episode is sponsored by...

NPM Supply Chain Attack: Active Worm Stealing Tokens, SSH Keys, and Credentials 22.04.2026

🚨 Emergency DevSec Station update. There’s an active npm supply chain attack happening right now. Malicious npm packages are running install scripts that quietly steal:  • SSH keys  • AWS credentials  • GitHub tokens  • Browser passwords  • Crypto wallets From there, the attack uses your npm publish token to spread into every package you maintain. That’s how this turns into a worm across the npm...

How Modern Supply Chain Attacks Really Happen (Step-by-Step Breakdown for Developers) 14.04.2026

What if a supply chain attack didn’t start with a complex exploit… but something completely normal? A typo.  A copy-paste.  Even an AI suggestion. In this episode, Tanya Janca breaks down how modern supply chain attacks actually happen inside everyday developer workflows. These attacks aren’t one big moment. They’re a series of small, reasonable decisions that quietly introduce risk. You’ll learn:...

Developers Are Now Targets: How Supply Chain Attacks Actually Reach You 21.03.2026

Developers are no longer just building software.  They’re being targeted directly. In this episode, Tanya Janca explains how supply chain attacks reach developers through everyday tools, packages, and workflows. These attacks don’t feel like attacks at first. They look like normal development work until it’s too late. You’ll learn:  • How supply chain attacks reach individual developers  • Why dev...

Höre den Podcast DevSec Station in Replaio

Radio und Podcasts in einer App - kostenlos und ohne Anmeldung. Installiere sie noch heute und verpasse den Start nicht

Bei Google Play herunterladen

Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet