This Software Engineering Radio podcast episode interviews Tanya Janca about integrating secure coding practices into the software development lifecycle (SDLC). The discussion covers fundamental security concepts (least privilege, usable security, and avoiding implied trust), the CIA triad, and how to incorporate security into each SDLC phase (requirements, design, coding, testing, and post-go-live). Janca emphasizes the importance of threat modeling, secure coding guidelines (input validation, output encoding, parameterized queries, and security headers), and various security testing methods (SAST, DAST, IAST, and supply chain security). Listeners gain practical advice on building secure systems, including using checklists, code review tools, and establishing clear security requirements and metrics. A key takeaway is the importance of not assuming trust in systems and data, validating all inputs, and using parameterized queries to prevent vulnerabilities like SQL injection.