What security teams need to understand about developers

NightVision offers web and API security testing tools built to integrate with developers’ established workflows. NightVision identifies issues by precise area(s) of code, so devs don’t have to chase down and validate vulnerability reports, a process that eats up precious engineering resources. Get started with their docs.

Connect with Kinnaird on LinkedIn.

Stack Overflow user Cecil Curry earned a Populist badge with their exceptionally thoughtful answer to In Python how can one tell if a module comes from a C extension?.

Some great excerpts from this episode:

“From the program side, I would say if you're running a security program or you're starting from day one, there's a danger with security people and being the security person who's out of touch or doesn't know what the life of a developer is like. And you don't want to be that person. And that's not how you have actual business impact, right? So you've got to embed with teams, threat model, and then do some preventative security testing, right? Testing things before they get into production, not just relying on having a bug bounty program.”

“With code scanning, you're looking for potentially insecure patterns in the code, but with dynamic testing, you're actually testing the live application. So we're sending HTTP traffic to the application, sending malicious payloads in forms or in query parameters, et cetera, to try to elicit a response or to send something to an attacker-controlled server. And so using this, we're able to not just have theoretical vulnerabilities, but exploitable vulnerabilities. I mean, how many times have you looked at something in GitHub security alerts and thought, yeah, that's not real. That's not exploitable. Right? So we're trying to avoid that and have higher quality touch points with developers. So when they look at something, they say, okay, that's exploitable. You showed me how. And you traced it back to code.”
