Alice and Bob Learn Secure Coding

"Tanya's book on Secure Coding is a brilliant example of what makes her a great expert and teacher. She takes complex material and makes it human, using clear, direct, and conversational language that sets it apart from most other books on similar topics. Her direct style shows that rather than trying to look smart, she's actually teaching! The book is a welcome inhalation of pure knowledge."
―DANIEL MIESSLER, Founder of Unsupervised Learning

"Tanya is a master at breaking down complex technical topics and making them both easily understandable and fun! I wish this book existed when I was first learning cybersecurity, as it's an excellent resource for security fundamentals and principles, important key tips for the most popular programming languages and frameworks, and how to follow a Secure System Development Life Cycle, along with tons of fun anecdotes and examples. Highly recommended for anyone who wants to rapidly learn a ton about secure coding from an industry veteran."
―CLINT GIBLER, Head of Security Research at Semgrep and Founder of tl;dr sec

"This book is hands-down one of the best resources out there for learning how to write secure code. The author has an incredible talent for breaking down tough security concepts and making them approachable without watering down the details. Each topic is presented in a way that feels thoughtful and intentional, and the examples are where the magic happens―they're clear, relatable, and most importantly, actionable. These aren't just 'nice-to-see' examples; they're the kind of scenarios you'll encounter in real projects, and they teach you exactly how to handle them securely.

What sets this book apart is its ability to cater to everyone, from beginners who are just getting their feet wet to experienced professionals looking to level up their skills. It doesn't just teach secure coding―it teaches you how to think about security as part of your coding process, which is invaluable in today's tech landscape.

If you've ever struggled to find a resource that connects the dots between theory and practical application, this book does that effortlessly. It's not just about writing code; it's about writing smart, secure code that stands the test of time. Whether you're a developer, a security enthusiast, or just someone who wants to get security right, this book is a must-have. Honestly, it's not just a read―it's a game-changer."
―VANDANA VERMA, Security Relations Leader, Founder of InfoSec Girls & InfoSec Kids, OWASP BoD and Leader

"If you're interested in learning about secure coding, this book is for you. Computer science student? Professional software engineer? Product manager for a software product? Executive at a software manufacturer? This is a book you will definitely want to read. Tanya's approach is refreshingly accessible and direct. She immediately addresses popular languages and frameworks before taking an in-depth approach to secure coding practices as they apply to each and every phase in the software development lifecycle. This book is your authoritative guide to secure coding. Learn and enjoy!"
―CAROLINE WONG, Author & Cybersecurity Expert Practitioner

"Tanya Janca's latest book is a must-read for developers looking to enhance their secure coding practices. By leading step-by-step and referencing real-world examples, she not only helps developers write stronger, more resilient code but also empowers them to lead by example. This book makes it clear how simple, intentional changes can dramatically reduce vulnerabilities and make it much harder for bad actors to exploit your work."
―GARY PERKINS, CISO

"Alice and Bob Learn Secure Coding is almost as good as having Tanya in your office, chatting with you about application security concepts and details. You'll have a great time reading this book and will learn a lot along the way."
―ADAM SHOSTACK, Security Trainer, Author, Speaker, Threat Modeling expert

"In all matters Security, trust is earned, not given. In this book, Tanya solidifies the trust she earned in her first book, Alice and Bob Learn Application Security, this time as a source of Secure Coding wisdom and knowledge. Teams will be well served from learning the adventures of Alice and Bob as they journey towards more secure code!"
―IZAR TARANDACH, author of Threat Modeling: A Practical Guide for Development Teams

"I love how the author gives the big picture and context to secure coding, so the readers can be like Alice and Bob who are also learning the approach, the architecture, the framework, and the right mindset!"
―YABING WANG, VP & CISO, Justworks

"Want to stand out and take your software engineering career to the next level? You'll need to go beyond simply 'making it work' and learn how to write high-quality and secure code. Fortunately, Tanya's unique skill and commitment to breaking down complex information, without sacrificing rich, detailed technical content, will make it easy for you to get started. This is a fantastic book for any software engineer to learn not just why, but HOW to write secure software, a skill that's much desired and highly valued in today's turbulent high-tech world."
―DUSTIN LEHR, Co-founder, CPTO of Katilyst Security, Founder of Let's talk Software Security, and author of the Security Champion Program Success Guide

"I remember attending a working session that Tanya was providing at a conference several years ago. The session was not only technical but included levity and storytelling. This book is an extension of that effective method of teaching and brings the full range of techniques, tools, and processes that are needed to build secure systems. This book is a must-have for anyone who is building or maintaining a secure system."
―DEREK FISHER, Founder, Securely Built

"This book is a modern equivalent of the pragmatic programmer for secure programming, taking you all the way from beginner to journeyman secure developer. It even has Tanya's own tales from the trenches."
―SHANE MURNION, Application Security Specialist

If you want simple, easy to follow guidance about secure coding, from a verified authority on the subject, this book is for you."
―TED HARRINGTON, #1 bestselling author, co-founder of both IoT Village and StartVRM, and Executive Partner at ISE

"From a CISO's perspective, Alice and Bob Learn Secure Coding is more than just a book―it's a strategic tool for embedding security into the organizational culture and aligning security with value-driven FinOps principles.

Like Tanya's other books, this drives transformation, enabling teams to move from reactive to proactive security. It underscores a critical truth: the earlier vulnerabilities are identified and fixed in the development lifecycle, the cheaper and more efficient it is to address them, saving time, conserving resources, and significantly reducing risk.

This proactive approach not only mitigates threats but also significantly increases asset value. After all, secure and reliable code is the foundation for every stable system."
―RAJAT RAVINDER VARUNI, CISO, SuccessKPI

"Tanya Janca's Alice and Bob Learn Secure Coding is an absolute triumph of technical writing. Building on the charm and accessibility of her first book, Tanya dives deeper into the world of secure coding, tackling one of the most pressing challenges in software development today. What sets this book apart is Tanya's ability to balance technical depth with an engaging and light-hearted tone, making complex concepts approachable for readers across all skill levels.

This book is packed with actionable insights, from detailed explanations of common vulnerabilities to practical strategies for avoiding them. Yet, it never feels overwhelming. Tanya's narrative style―peppered with humor and real-world analogies―keeps the subject matter fresh and enjoyable. It's rare to find a technical book that's as fun to read as informative, but Tanya achieves this effortlessly.

For seasoned professionals, Alice and Bob Learn Secure Coding offers a comprehensive refresher and new perspectives on evolving threats and solutions. For newcomers, it's a masterclass in the fundamentals of secure coding, presented in a way that's both digestible and inspiring. The book's structure ensures readers can easily navigate and revisit topics as needed, making it a valuable reference for years.

In short, this is a must-read for anyone who writes code or works in application security. Tanya Janca has once again proven why she's at the forefront of the industry. Alice and Bob Learn Secure Coding is not just a book―it's an investment in better, safer software for everyone."
―FRANCESCO CIPOLLONE, CEO & Founder @ Phoenix Security

"Tanya Janca has written a second book in her poignant and informative Alice and Bob series. This time the dynamic duo is learning secure coding. And like its predecessor, there is much wisdom to glean and stuff to learn from her years of experience.

This is not the kind of book that you start at the first chapter and read it all the way through. You are going to want to use it as a study guide, to fill in the gaps in your knowledge about secure coding practice and methods. Like her earlier book, she won't divulge much about specific vendor tools, but something more important: how to use the application development platforms and tools to make you a better programmer and one that can identify and fix coding errors before some hacker takes advantage of your mistakes and messes up your workday by compromising your systems and stealing your data.

Each chapter ends with a series of exercises to test your retention of what she explains and highlights some common misconceptions of the content. Some of them reflect her wicked sense of humor ― such as 'how often should you authenticate to an SSO ― only once, unless you have done a really bad job!'

And each section has an end-of-section summary about best practices. If many of them are unfamiliar to you, then take the time to read those chapters and take careful notes about how you can implement her suggestions. Indeed, a good way to browse this book is to carefully read these summaries and see if you need to bone on these techniques.

Like the first book in this series, I highly recommend this one for both beginners and experienced coders alike."
―DAVID STROM, freelance writer and author of two computer books thousands of magazine articles about technology

"Tanya ensures the book delivers exceptional value for software developers across experience levels, from students to seasoned engineers. Its methodical approach to secure coding fundamentals, combined with language-specific implementations, makes it particularly valuable for:

• Early-career developers building security-first practices
• Experienced engineers transitioning to security-focused roles
• Technical leads implementing secure development practices across teams

The book's greatest strength lies in bridging theoretical security concepts with practical development scenarios. While more comprehensive code examples would enhance its utility, the current content provides a solid foundation for secure coding practices. Highly recommended for software engineering teams and computer science programs looking to establish robust security mindsets."
―NIELET D'MELLO, Security Engineer

"Tanya's Alice and Bob Learn Secure Coding will give you a head start on learning about secure coding practices. It covers all the fundamentals a developer needs to know. Practicing the information in this book will allow you to start developing the experience needed to become a secure coder. I go over all this stuff with my devs."
―RAY LEBLANC, Application Security Architect & Engineer

Tanya Jance, aka SheHacksPurple, is the best-selling author of Alice and Bon Learn Application Security and Cards Against AppSec. Over her 28-year IT Career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software.