Tanya Janca | Shehackspurple

62K posts

@shehackspurple

Secure Coding Trainer, Best-selling author of Alice and Bob Learn Secure Coding & Alice and Bob Learn Application Security. #AppSec she/her 🌻

Canada - West Coast 🍁 Joined June 2017
2.4K Following · 50.3K Followers
Tanya Janca | Shehackspurple@shehackspurple·
I joined The Secure Disclosure to talk OWASP Top 10, vibe coding, broken access control, and why “we’ll fix security later” remains one of our industry’s most cursed little traditions.
Spoiler: secure coding is not magic. It is a skill. We should probably teach it. 💜
Listen to the full episode with Vinit Patel now!
YouTube: twp.ai/uH9DTY
Spotify: twp.ai/paTyHU
Apple Podcasts: twp.ai/gD9TtM
Tanya Janca | Shehackspurple@shehackspurple·
I joined The Secure Disclosure to talk OWASP Top 10, vibe coding, broken access control, and why “we’ll fix security later” remains one of our industry’s most cursed little traditions.
Spoiler: secure coding is not magic. It is a skill. We should probably teach it. 💜
Listen to the full episode with Vinit Patel now!
YouTube: twp.ai/uH9DTZ
Spotify: twp.ai/ktoj5R
Apple Podcasts: twp.ai/WpozVF
Tanya Janca | Shehackspurple@shehackspurple·
Yes. Your heart is telling you not to copy and paste from the AI into production. Seriously, listen to it.
Tanya Janca | Shehackspurple@shehackspurple·
I’m doing another live book stream 😊
June 3, 8:00 am PST, I’ll be diving into Chapter 3 of Alice and Bob Learn Secure Coding with Scott Helme. This chapter, “Improving”, is one of my favourites because it’s all the “okay but how do I actually do that?” stuff. twp.ai/gDAGLi
We’ll talk about:
• safer file uploads
• protecting databases
• avoiding overflows (yes, even in 2026…)
• logging, monitoring, alerting
• crypto practices that won’t hurt you later
It’s casual, it’s interactive, and you can jump in with questions anytime. Would love to see you there 💜
RSVP here for calendar invites: twp.ai/gDAGLi
Or just join us live: twp.ai/S9AWlW
Tanya Janca | Shehackspurple retweeted
Tanya Janca | Shehackspurple@shehackspurple·
Developers do not need more shame about security. We need better systems. Software supply chain risk is something we can prevent with secure defaults. Watch the full podcast episode at the link below to learn how! twp.ai/IlpoLg
Divine Kylian@TheCyberVine·
@shehackspurple Thank you ma 🔥🤍 Really appreciate you and your works so much I've sent the email through divinekylian360@gmail.com
Tanya Janca | Shehackspurple@shehackspurple·
I updated my training page and made a real brochure instead of “here’s a slide deck and blah” 😅 If you’re looking for secure-coding training that respects developers and actually sticks: 👉 twp.ai/SAHXhx Brochure: twp.ai/Imx3Jp
Tanya Janca | Shehackspurple@shehackspurple·
Yesssss, it’s happening! I’m joining Raghu Nandakumara from Illumio for a LinkedIn Live on a very spicy little topic: You’ve Built a Security Stack. Have You Built a False Sense of Security?
Because buying more tools does not magically equal better security. Sometimes it just means you now have more dashboards to ignore. 😅
We’ll be talking about complexity, cyber resilience, and what it actually takes to improve security outcomes.
📅 Tuesday, May 19
⏰ 9am PT / 12pm ET
📍 LinkedIn Live
Come hang out with us! twp.ai/IlpPey
Tanya Janca | Shehackspurple@shehackspurple·
🚨 Emergency DevSec Station Drop
There's an active npm supply chain attack happening right now. Compromised packages are stealing SSH keys, AWS credentials, GitHub tokens, browser passwords, and crypto wallets on install. Then using your publish token to infect every package you maintain.
One command can protect you immediately:
    npm config set ignore-scripts true
Do it today, please. Tell your team. Watch the full 60 seconds.
Video link: twp.ai/IlpFux
#AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm
Divine Kylian@TheCyberVine·
@shehackspurple So we can get deep insights, advice and guidance on all our individual long term plan and future
Tanya Janca | Shehackspurple@shehackspurple·
I’m excited to announce that I’ll be teaching a two-day class at CppCon Sept 2026: Secure Engineering in Modern C++: Preventing Catastrophic Failures
C++ powers infrastructure, robotics, finance, game engines, and safety-critical systems. But small engineering mistakes can turn into major security failures.
In this hands-on class we’ll:
• analyze insecure native code
• learn best practices and common pitfalls
• fix bugs together using modern C++ patterns
• practice threat modeling and fuzz testing
If you write or maintain C++ systems, this class will help you build software that stays secure under real-world pressure.
🎥 Short video below
🔗 Register here: twp.ai/Ilq47e
Tanya Janca | Shehackspurple@shehackspurple·
I had the absolute pleasure of joining Chris Hughes on the Resilient Cyber Show to talk about AI-generated code, “vibe coding,” the new AppSec reality, and why developers are now one of the most important attack surfaces we need to protect. We got into OWASP Top 10 2025, Mythos-class AI capabilities, secure coding with AI assistants, prompt-layer defenses, MCP servers, RAG pipelines, supply chain risks, and my new free prompt library: SecureMyVibe.ca. Basically: the robots are helping us write code now, which is great, except when the robots confidently hand us a security problem wearing a tiny little party hat. 🎉 If you build software, secure software, lead AppSec, or are currently side-eyeing your AI assistant, this episode is for you. Thank you, Chris, for such a thoughtful and fun conversation! Listen to the episode here: twp.ai/IlpFuq
Tanya Janca | Shehackspurple@shehackspurple·
I’m thrilled to share that I’ll be teaching at Black Hat USA this August! My training is Secure Coding for Embedded Systems in C and C++. If you write firmware or low-level code, we’ll dig into the security pitfalls that show up again and again in C and C++ and practice fixing them together. Lots of vulnerable code. Lots of practical fixes. Lots of ways to build safer software. 🎥 Watch the short video below 🔗 Save your seat: twp.ai/Ilq58r