DevSec Station

Tanya Janca | SheHacksPurple 5 episodes Latest Jun 4, 2026

DevSec Station is a security-focused podcast for software developers who want to create amazing applications. Hosted by Tanya Janca, also known as SheHacksPurple, these short lessons will help you level up.

Episodes

Supply Chain Is More Than Just Dependencies
Jun 4, 2026 420
Most developers think software supply chain security starts and ends with dependencies. But modern supply chain attacks don't stop there. Attackers look for paths into your software, and those paths often run through developers, CI/CD systems, build tools, deployment pipelines, and other trusted parts of the software delivery process. This episode is sponsored by Maze. In this episode of DevSec

Malicious Dependencies Aren’t an Accident
May 21, 2026 469
Malicious dependencies are not accidents. They are often intentionally designed to look trustworthy so developers install them without hesitation. In this episode of DevSec Station, Tanya Janca explains how attackers use typosquatting, dependency confusion, fake packages, and even AI-generated recommendations to compromise developer environments and steal credentials. This episode is sponsored by

NPM Supply Chain Attack: Active Worm Stealing Tokens, SSH Keys, and Credentials
Apr 22, 2026 149
🚨 Emergency DevSec Station update. There’s an active npm supply chain attack happening right now. Malicious npm packages are running install scripts that quietly steal:
• SSH keys
• AWS credentials
• GitHub tokens
• Browser passwords
• Crypto wallets
From there, the attack uses your npm publish token to spread into every package you maintain. That’s how this turns into a worm across the npm ecosystem

How Modern Supply Chain Attacks Really Happen (Step-by-Step Breakdown for Developers)
Apr 14, 2026 614
What if a supply chain attack didn’t start with a complex exploit… but something completely normal? A typo. A copy-paste. Even an AI suggestion. In this episode, Tanya Janca breaks down how modern supply chain attacks actually happen inside everyday developer workflows. These attacks aren’t one big moment. They’re a series of small, reasonable decisions that quietly introduce risk. You’ll learn:
• Why

Developers Are Now Targets: How Supply Chain Attacks Actually Reach You
Mar 21, 2026 361
Developers are no longer just building software. They’re being targeted directly. In this episode, Tanya Janca explains how supply chain attacks reach developers through everyday tools, packages, and workflows. These attacks don’t feel like attacks at first. They look like normal development work until it’s too late. You’ll learn:
• How supply chain attacks reach individual developers
• Why developer
