Tanya Janca | SheHacksPurple
DevSec Station
DevSec Station is a security focused podcast for software developers who want to create amazing applications. Hosted by Tanya Janca, also known as SheHacksPurple, these short lessons will help you level up.
Koniecznie odwiedź stronę podcastu i wesprzyj twórcę: www.devsecstation.com
Autor
Tanya Janca | SheHacksPurple
Kategoria
Strona podcastu
Ostatni odcinek
1 lip 2026
Gdzie słuchać?
Podcasty w aplikacji Replaio Radio Już wkrótcePodcasty trafią do aplikacji już wkrótce. Zainstaluj teraz i jako pierwszy zobacz nowe podejście do podcastów
Odcinki
Vibe Coding, Copilots, and Security Drift 01.07.2026 7:50
AI coding assistants can help developers move incredibly fast. But this new speed comes with a new challenge: security drift . This episode is sponsored by Maze . In this episode of DevSec Station, Tanya Janca explores how tools like GitHub Copilot, ChatGPT, Cursor, and other AI coding assistants can unintentionally change the security assumptions your software was built on. You'll learn what...
Secrets Management: Stop Playing Whack-a-Mole 18.06.2026 7:08
If you've ever committed an API key, password, token, certificate, or other secret to a repository, you're not alone. Most secret leaks don't happen because developers don't care about security. They happen because the easiest place to put a secret is inside the code that uses it. This episode is sponsored by Maze . In this episode of DevSec Station, Tanya Janca explains why se...
Supply Chain Is More Than Just Dependencies 04.06.2026 7:00
Most developers think software supply chain security starts and ends with dependencies. But modern supply chain attacks don't stop there. Attackers look for paths into your software, and those paths often run through developers, CI/CD systems, build tools, deployment pipelines, and other trusted parts of the software delivery process. This episode is sponsored by Maze . In this episode of Dev...
Malicious Dependencies Aren’t an Accident 21.05.2026 7:49
Malicious dependencies are not accidents. They are often intentionally designed to look trustworthy so developers install them without hesitation. In this episode of DevSec Station, Tanya Janca explains how attackers use typosquatting, dependency confusion, fake packages, and even AI-generated recommendations to compromise developer environments and steal credentials. This episode is sponsored by...
NPM Supply Chain Attack: Active Worm Stealing Tokens, SSH Keys, and Credentials 22.04.2026 2:29
🚨 Emergency DevSec Station update. There’s an active npm supply chain attack happening right now. Malicious npm packages are running install scripts that quietly steal: • SSH keys • AWS credentials • GitHub tokens • Browser passwords • Crypto wallets From there, the attack uses your npm publish token to spread into every package you maintain. That’s how this turns into a worm across the npm...
How Modern Supply Chain Attacks Really Happen (Step-by-Step Breakdown for Developers) 14.04.2026 10:14
What if a supply chain attack didn’t start with a complex exploit… but something completely normal? A typo. A copy-paste. Even an AI suggestion. In this episode, Tanya Janca breaks down how modern supply chain attacks actually happen inside everyday developer workflows. These attacks aren’t one big moment. They’re a series of small, reasonable decisions that quietly introduce risk. You’ll learn:...
Developers Are Now Targets: How Supply Chain Attacks Actually Reach You 21.03.2026 6:01
Developers are no longer just building software. They’re being targeted directly. In this episode, Tanya Janca explains how supply chain attacks reach developers through everyday tools, packages, and workflows. These attacks don’t feel like attacks at first. They look like normal development work until it’s too late. You’ll learn: • How supply chain attacks reach individual developers • Why dev...
Podobne podcasty
Replaio nie jest wydawcą podcastów; nazwy audycji, okładki i audio należą do ich autorów i są rozpowszechniane przez publiczne kanały RSS