The Stack Overflow Podcast10 Des 2024

What security teams need to understand about developers

NightVision offers web and API security testing tools built to integrate with developers’ established workflows. NightVision identifies issues by precise area(s) of code, so devs don’t have to chase down and validate vulnerability reports, a process that eats up precious engineering resources. Get started with their docs.

Connect with Kinnaird on LinkedIn.

Stack Overflow user Cecil Curry earned a Populist badge with their exceptionally thoughtful answer to In Python how can one tell if a module comes from a C extension?.

Some great excerpts from this episode:

“From the program side, I would say if you're running a security program or you're starting from day one, there's a danger with security people and being the security person who's out of touch or doesn't know what the life of a developer is like. And you don't want to be that person. And that's not how you have actual business impact, right? So you got to embed with teams, threat model, and then do some preventative security testing, right? Testing things before it gets into production, not just relying on having a bug bounty program.”

“With code scanning, you're looking for potentially insecure patterns in the code, but with dynamic testing, you're actually testing the live application. So we're sending HTTP traffic to the application, sending malicious payloads in forms or in query parameters, et cetera, to try to elicit a response or to send something to an attacker controlled server. And so using this, we're able to. Not just have theoretical vulnerabilities, but exploitable vulnerabilities. I mean, how many times have you looked at something in GitHub security alerts and thought, yeah, that's not real. That's not exploitable. Right. So we're trying to avoid that and have higher quality touch points with developers. So when they look at something, they say, okay, that's exploitable. You showed me how. And you traced it back to code.”

See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Oppdag Premium

Prøv 14 dager gratis

Kjøp Premium

Episoder(935)

Building brains for bulldozers

Ryan chats with Kevin Peterson, CTO of Bedrock Robotics, about the evolution of self-driving technology and why robotics is now advancing; how real data is still relevant but simulation becomes essent...

6 Mar 24min

AI-assisted coding needs more than vibes; it needs containers and sandboxes

SPONSORED BY DOCKERIn this sponsored episode, Ryan chats with Mark Cavage, President and COO of Docker, joins the show to dive into hardened containers and agent sandboxes. They discuss what it means ...

4 Mar 27min

No need for Ctrl+C when you have MCP

Ryan sits down with Member of the Technical Staff at Anthropic and Model Context Protocol co-creator David Soria Parra to talk the evolution of MCP from local-only to remote connectivity, how security...

2 Mar 31min

To live in an AI world, knowing is half the battle

Ryan welcomes Marcus Fontoura, technical fellow at Microsoft and author of Human Agency in the Digital World, to discuss the intersection of technology, society, and human dignity in a digital-first w...

27 Feb 28min

Dogfood so nutritious it’s building the future of SDLCs

Ryan welcomes Thibault Sottiaux, OpenAI’s engineering lead on Codex, to discuss how the Codex team dogfoods Codex to build Codex, what distinguishes an agentic coding tool from a chat-based code assis...

24 Feb 32min

Even GenAI uses Wikipedia as a source

Ryan is joined by Philippe Saade, the AI project lead at Wikimedia Deutschland, to dive into the Wikidata Embedding Project and how their team vectorized 30 million of Wikidata’s 119 million entries f...

20 Feb 26min

Why Stack Overflow and Cloudflare launched a pay-per-crawl model

In this episode of Leaders of Code, Stack Overflow’s Janice Manningham and Josh Zhang sit down with Cloudflare VP Will Allen to discuss the innovative pay-per-crawl model co-launched by their organiza...

19 Feb 19min

Data is the new oil, and your database is the only way to extract it

Ryan sits down with Shireesh Thota, CVP of Azure Databases at Microsoft, to discuss the evolution of databases at Microsoft; Azure’s comprehensive portfolio that includes SQL Server, CosmosDB, and Pos...

17 Feb 40min

Reklamefrie Premium-podkaster

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

Skap din egen podkastboble

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Prøv 14 dager gratis

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

Premium

99 kr/ måned

Tilgang til alle våre Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker

Prøv 14 dager gratis

Premium

129 kr/ måned

Tilgang til alle Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker
En Ekstra bruker

Prøv 14 dager gratis

Populært innen Business og økonomi

tid-er-penger-en-podcast-med-peter-warren

Historiene og stemmene du vil høre

Ubegrenset tilgang til alle dine favorittpodkaster og lydbøker

Les mer