What security teams need to understand about developers

NightVision offers web and API security testing tools built to integrate with developers’ established workflows. NightVision identifies issues by precise area(s) of code, so devs don’t have to chase down and validate vulnerability reports, a process that eats up precious engineering resources. Get started with their docs.

Connect with Kinnaird on LinkedIn.

Stack Overflow user Cecil Curry earned a Populist badge with their exceptionally thoughtful answer to "In Python how can one tell if a module comes from a C extension?".

Some great excerpts from this episode:

“From the program side, I would say if you're running a security program or you're starting from day one, there's a danger with security people and being the security person who's out of touch or doesn't know what the life of a developer is like. And you don't want to be that person. And that's not how you have actual business impact, right? So you got to embed with teams, threat model, and then do some preventative security testing, right? Testing things before it gets into production, not just relying on having a bug bounty program.”

“With code scanning, you're looking for potentially insecure patterns in the code, but with dynamic testing, you're actually testing the live application. So we're sending HTTP traffic to the application, sending malicious payloads in forms or in query parameters, et cetera, to try to elicit a response or to send something to an attacker-controlled server. And so using this, we're able to not just have theoretical vulnerabilities, but exploitable vulnerabilities. I mean, how many times have you looked at something in GitHub security alerts and thought, yeah, that's not real. That's not exploitable. Right. So we're trying to avoid that and have higher quality touch points with developers. So when they look at something, they say, okay, that's exploitable. You showed me how. And you traced it back to code.”

See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Episodes (861)

How can AI perform on the edge?

Episode notes: Infineon is a global semiconductor company for power systems and IoT. You can connect with Clark and Alexander on LinkedIn. Congrats to Lifeboat badge winner hdsenevi for their answer on "Unrecognized font family 'Roboto' - React Native iOS".

5 March, 27 min

Secure coding beyond just memory safety

Semgrep is an AppSec platform that lets devs deploy static application security testing (SAST), software composition analysis (SCA), and secret scans. Explore their docs. Tanya is the author of Alice and Bob Learn Secure Coding and Alice and Bob Learn Application Security. She’s also written for our blog: "Three layers to secure a software development organization" and "Continuous delivery, meet continuous security". Secure coding might be an issue of national security. Follow Tanya on LinkedIn or check out her website. Stack Overflow user Reishin earned a Populist badge with their answer to "piping from stdin to a python code in a bash script".

4 March, 34 min

“Translation is the tip of the iceberg”: A deep dive into specialty models

Smartling is an enterprise translation platform that includes AI-powered translation solutions. Connect with Olga on LinkedIn. Kudos to Stack Overflow user Suleka_28, who earned a Populist badge by explaining how to convert logits to probability in binary classification in tensorflow.

28 Feb, 31 min

Writing tests with AI, but not LLMs

Diffblue Cover is an AI agent for testing complex Java code at scale. Check out their docs to get started automating unit tests today. This article will help you understand the difference between Diffblue Cover and Copilot. Find Animesh on LinkedIn. Stack Overflow user Keet Sugathadasa earned a Populist badge by answering a question in the CI/CD Collective: "Gitlab CI CD variable are not getting injected while running gitlab pipeline".

25 Feb, 41 min

One quality every engineering manager should have? Empathy.

CLEAR is an identity company trying to take the friction out of air travel (such as with TSA PreCheck, available through CLEAR), stadium events, and other experiences that require security screening. Find Caitlin on LinkedIn. Shoutout to Stack Overflow user Patrick Pijnappel, who earned a Populist badge with their answer to "Redirect all output to file using Bash on Linux?". It’s helped 230,000 people and counting.

21 Feb, 35 min

WBIT #4: Using GIS to understand the rivers and the lakes that you’re used to

Forerunner provides a platform for floodplain management. Do you also have gnarly caching issues? Check out an overview of how we use caching at Stack Overflow. If you want to connect with Lauren, head over to her LinkedIn page.

19 Feb, 32 min

Why is it so hard for companies to protect your privacy?

Transcend is a data privacy and governance platform. See what they’re up to on their blog or dive into their docs. Find Minh on LinkedIn. Stack Overflow user ivanavitdev earned a Populist badge with their exceptionally thoughtful answer to "How to use toSorted() method in TypeScript".

18 Feb, 25 min

Solving the data doom loop

Hasura is a GraphQL API platform. Get started exploring here. Read Ken’s article on the data doom loop. Find Ken on LinkedIn. Shoutout to Stack Overflow user liquorvicar, who earned a Lifeboat badge with an exemplary answer to "Checking value in an array inside one SQL query with WHERE clause".

14 Feb, 29 min
