SheHacksPurple: September 2025
Behind the scenes for my audiobook, the NEW OWASP Top Ten 2025, Public Trainings, Less Travel and more!
The SheHacksPurple Nerd-a-licious Newsletter
💜 Hit ‘reply’ to send me a message! I read every response and love hearing from you. 💜
Hello secure coding enthusiasts!
This month I recorded the audiobook for Alice and Bob Learn Secure Coding, and after receiving a lot of questions, I wrote a blog post about the experience. I travelled to Ottawa, Montreal, and home again, and now I’m getting ready to head back to Ottawa and Toronto next month, for SecTor and some private training contracts.
I have a couple of announcements about some things I am working on. 😄
I’ve joined the OWASP Top Ten Risks to Web Apps project team, and we are going to be releasing a brand new list this November. No, I cannot tell you what the list will contain in advance, sorry. :-/
I’m going to be opening a new community learning platform later this year, all about secure coding and AppSec. I’ve finally decided on a name, after agonizing about it for months… DevSecStation. There will be parts that are free and parts that are paid (such as the live training events), and I hope there will be something in there for everyone. ❤️
I’m going to be travelling less, starting next year. I want to create more content, and hold more online events, so that anyone from anywhere can come along for the ride. I’m going to try to focus my trips on either really large events, or events that revolve around my favourite topics (secure coding and AppSec). My hope is that this will make my work and content available for more people.
I’m going to start offering training open to the public. A lot of companies I speak to have only 5-10 developers, and it just doesn’t make sense to have someone like me in for such a small group. I wanted to create options for smaller companies, and for individuals, and I hope this new offering does just that!
If you have any questions, comments, concerns, memes-I-definitely-need-to-see, etc., just hit reply! Thank you for subscribing to my little nerdy newsletter.
Tanya
Turn GRC into a strategic advantage with this practical guide
46% of leaders say regulatory complexity keeps them up at night. Today, GRC is more complex and critical to get right, yet harder than ever to manage.
In Automating GRC: A practical guide for security teams, Tines shares how modern teams are using workflow orchestration and automation to reduce manual GRC work and more effectively manage risk across the organization.
In the guide, you’ll get:
Four real-world automation opportunities to streamline GRC tasks
Case studies from teams at Druva, PathAI, and others
A practical checklist to turn GRC into a strategic advantage
New Content!
What it’s Like to Record an Audiobook - blog post
I interviewed Farah Hawa at Diana Initiative in Las Vegas!
Interview with Vandana Verma at Black Hat (I asked her questions)
Vibe Coding Will Get You Hacked - with David Bombal, at Black Hat
Stop Trusting Input: 3 Rules - with David Bombal, at Black Hat
Let's start learning AI Security - I was interviewed by my amazing friend Vandana Verma, at Black Hat (she asked me questions)
What do I think of "Shift Left"? Hear my answer to my friend Laura Bell's question.
If you want a quick laugh: Bilingual hilarity...
Events!
Sept 19th, half day, live, virtual, Antisyphon Training Workshop: The OWASP API Security Top Ten 2023 with Tanya Janca, $25-$150 sliding scale
Sept 30-Oct 2 - SecTor Conference in Toronto, Canada! In person!
October 9 (evening), OWASP Ottawa, in person!
October 9-10, Wild West Hackin’ Fest - Deadwood, virtual talk on the 10th!
November 5, 2025 OWASP 2025 Global AppSec USA (Washington, DC), My training is $850, 1-Day Training: API Security: Hands-On Secure API Design & Hardening - in person
Nov 6-7, 2025 OWASP 2025 Global AppSec USA (Washington, DC), my talk was accepted: Threat Modeling Developer Behaviour: The Psychology of Bad Code - in person
December 1-2, Training Session at NDC Manchester, AI & Security Secure Coding & API Hardening: Hands-On Secure Design, Development, and Threat Modelling - in person
December 3-4, NDC Manchester, AI & Security, Manchester, UK, I will be giving TWO talks! In person!
December 5th - OWASP London, in person! Free!
Feb 10-13, 2026 - Wild West Hackin’ Fest - Mile High, I will be giving training and also a talk! In person!
July 2026: Keynote for DevOpsDays Lima in Peru! That’s right folks, I’m going back to South America!
Random
I made you a gift: a Vue.js cheatsheet! Well, I made it for a client, but I’m going to share it with all of you as well. 💗 I hope you like it! If someone else wants a copy, I am trying to grow my newsletter, so please send them this sign-up-for-my-newsletter-link, rather than just forwarding the PDF, if you wouldn’t mind. Thanks!
We end with a meme.

OUCH, those were my feelings…