Tanya Janca | SheHacksPurple
shehackspurple.bsky.social
Secure Code Trainer - Best-selling author of Alice and Bob Learn Secure Coding & Alice and Bob Learn Application Security. #AppSec she/her
https://shehackspurple.ca 🌻
Pinned
Recording videos for my new C C++ Embedded Secure Coding course for my new academy, DevSec Station.
Sign up to be notified when it opens, here: https://twp.ai/4itwXF
Apply ice to burn.
December 27, 2025 at 3:55 AM
The Psychology of Bad Code: Why 'do the right thing' doesn't work...
https://twp.ai/ImttGA

More here: https://twp.ai/E6Ee46
December 26, 2025 at 11:48 PM
Continuing my series on The Psychology of Bad Code, this is an introductory video about the entire concept:
https://twp.ai/ImttDk

For the blog series, which you can read here: https://twp.ai/E6Ee1g
December 25, 2025 at 2:22 AM
My second blog post in the series 'The Psychology of Bad Code' is now out, with videos and more about Building Systems That Support Secure Developer Behavior!

https://twp.ai/9PZOpI
December 23, 2025 at 11:47 PM
If you had to explain SQL injection using only emojis, how would you do it? 🤓 #talkappsectome 
December 22, 2025 at 10:23 PM
It’s #CyberMentoringMonday!!!! Are you looking for a professional mentor or to learn more about InfoSec? Are you experienced and willing to ‘give back’? Use this thread and hashtag to connect!
December 22, 2025 at 3:01 PM
I was on the podcast "Who is Agile", check out my episode "Saying no..."

https://twp.ai/9PZ99w
December 21, 2025 at 6:35 PM
Important question for software developers: what do you wish you knew more about in regard to creating more secure software? If you could suddenly know something, like Neo in the matrix, what would it be?

I will see if I can help.
December 21, 2025 at 1:21 AM
How To Get Your First Job In #Cybersecurity: a blog post of all the steps you need to transition into #InfoSec!

https://twp.ai/9PXjit
December 20, 2025 at 5:18 PM
Patching in the wild
December 19, 2025 at 6:00 PM
Random Tanya Thoughts on Video: securing vibe coded apps built by non-software engineers. How do we handle that?????
https://twp.ai/9PXooH
December 19, 2025 at 2:03 AM
What’s the weirdest or most obscure vuln you’ve ever had to explain to a stakeholder? Can you tell me about it? Also, how did it go? #talkappsectome 
December 18, 2025 at 8:34 PM
Reposted by Tanya Janca | SheHacksPurple
A new episode of the show hit the feed this morning, just in time for your holiday travels! This time, @shehackspurple.bsky.social joins us to talk about the importance of application security.
The importance of application security in small businesses | The Mindful Business Security Show
The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! On this episode, Accidental CISO is joined by guest host Tanya Janca, @shehackspurple. Tanya is a hacker, software developer, author, and educator. She is passionate about application security and helping organizations build secure software. She is also an active contributor to the cybersecurity community. In this episode, Tanya mentioned many useful resources: Tanya's SDLC Cheat Sheet and Newsletter; Tanya's Github Repo - Train the Trainer - Pushing Left; Tanya's Github Repo - Train the Trainer - Security is Everybody's Job; OWASP SAMM (maturity model); OWASP Top 10 - 2025; OWASP Training Videos on YouTube; Bob and Alice Learn Secure Coding by Tanya Janca; Bob and Alice Learn Application Security by Tanya Janca; Software Supply Chain Security by Cassie Crosley. You can find Tanya online via her website as well as LinkedIn, Bluesky, X, Mastodon, Tiktok, and YouTube. You'll also be able to connect with her via her new online community, DevSec Station, launching in early 2026. Additionally, you can find a playlist of Tanya's music on her YouTube channel. Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now! Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.
www.mindfulsmbshow.com
December 18, 2025 at 4:28 PM
I asked Claude to make me a login function for an embedded medical device (insulin pump) in C or C++. It said it would make it secure. Both Claude and ChatGPT found several serious vulnerabilities in it on the first pass, without special prompting.
https://twp.ai/9PZHwc
1/2
December 18, 2025 at 5:52 PM
FOLKS! The audiobook of Alice and Bob Learn Secure Coding is OUT on @audible now! If you buy it and like it, please rate it for me? I'm so pleased it's finally available.

https://twp.ai/9PXph0
December 18, 2025 at 3:14 AM
Hey folks, I would like to kindly request you consider nominating my tiny secure coding company for a 'Devies Award' for the "Services: IT Infrastructure & Security" category. With the books, advocacy, community work, and training, perhaps I'm worthy?

https://twp.ai/E6ENiJ
1/2
docs.google.com
2026 DEVIES Award Nominations
twp.ai
December 17, 2025 at 2:33 AM
I hosted a webinar -> Metrics, Models, and Mindsets: A Conversation About the Future of AppSec, with my friends Spyros from Smithy and Aram! Blog post and video at the link.

https://twp.ai/9PXdOb
December 16, 2025 at 9:44 PM
Guess who had TWO talks accepted to RSAC? Meeeeeeeeee! Will I see you in San Francisco this March?
December 16, 2025 at 7:14 PM
The Elephant in AppSec: Why AppSec Is breaking: Vibe Coding, DevSecOps backlogs & the new OWASP Top 10

Video: https://twp.ai/ImsC7S
Audio: https://twp.ai/E6CwvO
December 15, 2025 at 9:43 PM
It’s #CyberMentoringMonday!!!! Are you looking for a professional mentor or to learn more about InfoSec? Are you experienced and willing to ‘give back’? Use this thread and hashtag to connect!
December 15, 2025 at 3:01 PM
Hey folks, I would like to kindly request you consider nominating my tiny secure coding company for a 'Devies Award' for the "Services: IT Infrastructure & Security" category. With the books, advocacy, community work, and training, perhaps I'm worthy?

https://twp.ai/E6ERqG
1/2
docs.google.com
2026 DEVIES Award Nominations
twp.ai
December 15, 2025 at 1:33 AM
I was on the podcast "Who is Agile", check out my episode "Saying no..."

https://twp.ai/9PYR66
December 14, 2025 at 7:42 PM
I will be speaking at OWASP Leiria Meetup December 18th, come join us online for free! Corey J. Ball will also be there, and I will be discussing "Minimal Viable AppSec", how to build a program on a budget. Let's go! #owasp #appsec

https://twp.ai/9PXxkf
December 14, 2025 at 3:07 AM
I went to the gym today, did you? Do you need a gentle nudge to do some self care? If so, here it is: NUDGE! 😘

#wehackhealth
December 14, 2025 at 12:59 AM
I spoke about 'Using Artificial Intelligence, Safely' at ExtremeJ, below video.

✅ Risks when using AI in software development
✅ How to prevent unsafe AI-driven decisions
✅ Best practices for applying AI to security and development tasks

https://twp.ai/9PXSQF
December 13, 2025 at 9:37 PM