Tanya Janca

Head of Community and Education - Semgrep

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the Head of Education and Community at Semgrep, sharing content and training that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker & active blogger, and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.

Advisor: Nord VPN, Aiya Corp

Faculty: IANS Research

Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC

Presentation Abstract

Talk - 30 Tips for Secure JavaScript

In this talk, we will cover 30 tips for writing more secure JavaScript, emphasizing what to do, what NOT to do, and how to use open-source tooling to enhance security. JavaScript is not only the most popular web programming language; it is also a frequent target of attacks such as cross-site scripting (XSS) and code injection, so we need to make sure our JavaScript is tough, rugged, and secure.

We’ll touch only on items that are specific to JavaScript, not language-agnostic topics such as encryption or authentication. By the end, you’ll have practical guidance on choosing a framework, adopting secure coding practices, and using tools for web application security, whether you are a seasoned developer or a beginner looking for concrete advice.
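The abstract names XSS and code injection as the JavaScript-specific threats the talk addresses. The following is an added example, not code from the talk or from the speaker, showing for each of the two an unsafe pattern next to its safe counterpart in the "what to do / what NOT to do" spirit of the abstract. The inputs, the function names and the `containsInjectedTag` helper are assumptions constructed for the demonstration; it runs under Node.js and needs no browser DOM.

```javascript
// Added example, not from the talk or the speaker: two of the JavaScript-specific
// problems the abstract names (code injection and XSS), each showing the
// pattern NOT to use next to the one to use. Runs under Node.js; the inputs
// are constructed for the demo and no browser DOM is required.

// ---- 1. Code injection: eval() versus JSON.parse() ----------------------

// Observable side effect so a caller can prove that eval executed the payload.
const sideEffects = { evalRan: 0 };

// Constructed inputs. The hostile one is valid JavaScript but not valid JSON:
// the comma operator runs the first expression, then yields the object, so a
// naive caller sees a "successful" parse and never notices the injected code.
const benignInput = '{"name": "alice"}';
const hostileInput = 'sideEffects.evalRan++, {"name": "alice"}';

// DON'T: direct eval() runs arbitrary code with access to the enclosing scope.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// DO: JSON.parse() never executes code; anything that is not JSON throws a
// SyntaxError, which is exactly the failure you want for hostile input.
function parseWithJsonParse(text) {
  return JSON.parse(text);
}

// ---- 2. XSS: string-built HTML versus escaped (or text-node) output --------

// Minimal escaper for the HTML *text* context only. Attribute, URL and script
// contexts need their own encoders; this one is not sufficient for them.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed attacker-controlled "display name".
const hostileName = '<img src=x onerror=alert(1)>';

// DON'T: concatenate untrusted data into markup. In a browser this is the
// `element.innerHTML = ...` pattern; the <img> tag becomes live and its
// onerror handler runs.
function unsafeGreeting(name) {
  return '<p>Hello, ' + name + '</p>';
}

// DO: escape before the string becomes markup. In a browser the simpler
// equivalent is `element.textContent = name`, which never parses HTML at all.
function safeGreeting(name) {
  return '<p>Hello, ' + escapeHtml(name) + '</p>';
}

// Rough detector (assumed helper, for the demo only): does the output contain
// any tag other than the <p> wrapper we wrote ourselves?
function containsInjectedTag(html) {
  return /<(?!\/?p\b)[a-z]/i.test(html);
}

// Run both comparisons and report what happened.
function demo() {
  parseWithEval(hostileInput);
  let jsonParseRejected = false;
  try {
    parseWithJsonParse(hostileInput);
  } catch (err) {
    jsonParseRejected = err instanceof SyntaxError;
  }
  return {
    evalExecutedPayload: sideEffects.evalRan > 0,
    jsonParseRejected,
    unsafeHtmlInjected: containsInjectedTag(unsafeGreeting(hostileName)),
    safeHtmlInjected: containsInjectedTag(safeGreeting(hostileName)),
  };
}

console.log(demo());
```

Run it with `node` to see the eval variant silently execute the payload while `JSON.parse` rejects it, and the concatenated greeting carry a live `<img>` tag while the escaped one does not. In real pages prefer `textContent` or a templating engine with auto-escaping over a hand-written escaper, and remember that escaping for the text context does nothing for data placed in attributes, URLs or inline scripts.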

Workshop - Adding SAST to CI/CD, Without Losing Any Friends

This workshop will discuss multiple options for adding static application security testing (SAST) to a CI/CD pipeline in ways that won’t compromise speed or results: learning which findings can be safely ignored, writing custom rules and company-specific checks, scanning pull requests instead of every commit, and splitting fast blocking scans from deeper audit scans. The lab will also cover ways to find vulnerabilities continuously.