What security teams need to understand about developers

NightVision offers web and API security testing tools built to integrate with developers’ established workflows. NightVision identifies issues by precise area(s) of code, so devs don’t have to chase down and validate vulnerability reports, a process that eats up precious engineering resources. Get started with their docs.

Connect with Kinnaird on LinkedIn.

Stack Overflow user Cecil Curry earned a Populist badge with their exceptionally thoughtful answer to In Python how can one tell if a module comes from a C extension?.

Some great excerpts from this episode:

“From the program side, I would say if you're running a security program or you're starting from day one, there's a danger with security people and being the security person who's out of touch or doesn't know what the life of a developer is like. And you don't want to be that person. And that's not how you have actual business impact, right? So you got to embed with teams, threat model, and then do some preventative security testing, right? Testing things before it gets into production, not just relying on having a bug bounty program.”

“With code scanning, you're looking for potentially insecure patterns in the code, but with dynamic testing, you're actually testing the live application. So we're sending HTTP traffic to the application, sending malicious payloads in forms or in query parameters, et cetera, to try to elicit a response or to send something to an attacker-controlled server. And so using this, we're able to not just have theoretical vulnerabilities, but exploitable vulnerabilities. I mean, how many times have you looked at something in GitHub security alerts and thought, yeah, that's not real. That's not exploitable. Right. So we're trying to avoid that and have higher quality touch points with developers. So when they look at something, they say, okay, that's exploitable. You showed me how. And you traced it back to code.”

Episodes (907)

You need quality engineers to turn AI into ROI

SPONSORED BY MONGODB. Pete Johnson, Field CTO, Artificial Intelligence at MongoDB, joins the podcast to talk about a recent OpenAI paper on the impact that AI will have on jobs and overall GDP. Pete, wh...

7 Jan, 29 min

Search engine bots crawled so AI bots could run

Ryan hosts Akamai data scientist Robert Lester on the show to discuss how the growth of AI bots affects internet traffic, the ways these AI bots differ from the original search engine optimization one...

6 Jan, 23 min

The most dangerous shortcuts in software

Ryan sits down with Tom Totenberg, head of release automation at LaunchDarkly, to discuss the perils of taking too many shortcuts in software development, how business pressures and AI code tools have...

2 Jan, 29 min

How AI is helping us build better communities

MIT and Stanford professor Alex “Sandy” Pentland joins the show to explore the power of communities for shared knowledge and how AI could hurt or help the growth of these communities. Ryan and Sandy d...

30 Dec 2025, 33 min

Containers are easy—moving your legacy system off your VM is not

Ryan sits down with Dan Ciruli, VP and General Manager of Cloud Native at Nutanix, to talk about getting your virtual machines and Kubernetes to play nice in cloud-native environments, why VMs are sti...

26 Dec 2025, 31 min

Settle down, nerds. AI is a normal technology

Ryan welcomes Anil Dash, writer and former Stack Overflow board member, back to the show to discuss how AI is not a magical technology, but rather the normal next step in computing’s evolution. They e...

23 Dec 2025, 37 min

Last week in AWS re:Invent with Corey Quinn

Ryan sits down with Corey Quinn, Chief Cloud Economist at Duckbill, at AWS re:Invent to get Corey’s patented snarky take on all the happenings from the conference. They discuss whether the AI agent hy...

19 Dec 2025, 23 min

Live from re:Invent…it’s Stack Overflow!

Ryan is joined by Stack Overflow’s CEO Prashanth Chandrasekar and Director of Data Science Michael Foree on the floor at re:Invent to discuss all they’ve seen and heard at the event, from the future o...

16 Dec 2025, 31 min
