Tanya Janca | SheHacksPurple

DevSec Station

DevSec Station is a security focused podcast for software developers who want to create amazing applications. Hosted by Tanya Janca, also known as SheHacksPurple, these short lessons will help you level up.

Auteur

Tanya Janca | SheHacksPurple

Catégorie

Technology

Site du podcast

www.devsecstation.com

Dernier épisode

1 juil. 2026

Où écouter ?

Les podcasts dans l'appli Replaio Radio Bientôt disponible

Les podcasts arrivent très bientôt dans l'appli. Installe-la dès maintenant et découvre en avant-première une toute nouvelle façon de vivre les podcasts

Télécharger sur Google Play Installe-la gratuitement Android 5 M+ de téléchargements · note de 4,8 iOS bientôt

Épisodes

Vibe Coding, Copilots, and Security Drift 01.07.2026

AI coding assistants can help developers move incredibly fast. But this new speed comes with a new challenge: security drift . This episode is sponsored by Maze . In this episode of DevSec Station, Tanya Janca explores how tools like GitHub Copilot, ChatGPT, Cursor, and other AI coding assistants can unintentionally change the security assumptions your software was built on. You'll learn what...

Secrets Management: Stop Playing Whack-a-Mole 18.06.2026

If you've ever committed an API key, password, token, certificate, or other secret to a repository, you're not alone. Most secret leaks don't happen because developers don't care about security. They happen because the easiest place to put a secret is inside the code that uses it. This episode is sponsored by Maze . In this episode of DevSec Station, Tanya Janca explains why se...

Supply Chain Is More Than Just Dependencies 04.06.2026

Most developers think software supply chain security starts and ends with dependencies. But modern supply chain attacks don't stop there. Attackers look for paths into your software, and those paths often run through developers, CI/CD systems, build tools, deployment pipelines, and other trusted parts of the software delivery process. This episode is sponsored by Maze . In this episode of Dev...

Malicious Dependencies Aren’t an Accident 21.05.2026

Malicious dependencies are not accidents. They are often intentionally designed to look trustworthy so developers install them without hesitation. In this episode of DevSec Station, Tanya Janca explains how attackers use typosquatting, dependency confusion, fake packages, and even AI-generated recommendations to compromise developer environments and steal credentials.  This episode is sponsored by...

NPM Supply Chain Attack: Active Worm Stealing Tokens, SSH Keys, and Credentials 22.04.2026

🚨 Emergency DevSec Station update. There’s an active npm supply chain attack happening right now. Malicious npm packages are running install scripts that quietly steal:  • SSH keys  • AWS credentials  • GitHub tokens  • Browser passwords  • Crypto wallets From there, the attack uses your npm publish token to spread into every package you maintain. That’s how this turns into a worm across the npm...

How Modern Supply Chain Attacks Really Happen (Step-by-Step Breakdown for Developers) 14.04.2026

What if a supply chain attack didn’t start with a complex exploit… but something completely normal? A typo.  A copy-paste.  Even an AI suggestion. In this episode, Tanya Janca breaks down how modern supply chain attacks actually happen inside everyday developer workflows. These attacks aren’t one big moment. They’re a series of small, reasonable decisions that quietly introduce risk. You’ll learn:...

Developers Are Now Targets: How Supply Chain Attacks Actually Reach You 21.03.2026

Developers are no longer just building software.  They’re being targeted directly. In this episode, Tanya Janca explains how supply chain attacks reach developers through everyday tools, packages, and workflows. These attacks don’t feel like attacks at first. They look like normal development work until it’s too late. You’ll learn:  • How supply chain attacks reach individual developers  • Why dev...

Écoute le podcast DevSec Station sur Replaio

La radio et les podcasts dans une seule appli - gratuite, sans inscription. Installe-la dès aujourd'hui et ne rate pas le lancement

Télécharger sur Google Play

Replaio n'est pas éditeur de podcasts ; les noms des émissions, les visuels et l'audio appartiennent à leurs auteurs et sont diffusés via des flux RSS publics