26 Nov 2025
1h 7m

Code security for software engineers

The Pragmatic Engineer

In this episode of The Pragmatic Engineer Podcast, Gergely Orosz interviews Johannes Dahse, VP of Code Security at Sonar, about code security basics for software engineers. Dahse shares his background in penetration testing and emphasizes that code security is a shared responsibility, with developers owning code-related security issues. They discuss the evolution of code security, the importance of understanding code, input validation, and avoiding secret leaks. The conversation covers static and dynamic code analysis tools, software composition analysis, and the impact of AI on code security, including the challenges of AI-generated code and prompt injection vulnerabilities. Dahse advises engineers to automate security checks, stay updated on common vulnerabilities, and prioritize code quality for better security.

Outlines

Part 1: Introduction and Basics

Part 2: Tools, AI Impact

Part 3: Best Practices and Conclusion
