logo
episode-header-image
Mar 2025
46m 8s

StackHawk and Shift-Left API Security wi...

Software Engineering Daily
About this episode

APIs are a fundamental part of modern software systems and enable communication between services, applications, and third-party integrations. However, their openness and accessibility also make them a prime target for security threats, and this makes APIs a growing focus on software teams.

StackHawk is a company that scans and monitors source code to obtain the full scope of an organization’s APIs and applications, and runs tests to identify vulnerabilities and address them pre-production.

Scott Gerlach is the Co-Founder and Chief Security Officer at StackHawk and previously worked at SendGrid and GoDaddy. He has an extensive background running security operations and engineering and, in this episode, he joins the show to talk about the challenges around API security and leading-edge strategies to address them.

Full Disclosure: This episode is sponsored by 10kMedia (StackHawk).

Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.

 

Please click here to see the transcript of this episode.

Sponsorship inquiries: sponsor@softwareengineeringdaily.com

 

The post StackHawk and Shift-Left API Security with Scott Gerlach appeared first on Software Engineering Daily.

Up next
Aug 21
Complex Workload Deployment with Will Stewart
Deploying and managing cloud workloads is a complex task that requires developers to handle infrastructure, scaling, CI/CD pipelines, and database hosting. Configuring and maintaining Kubernetes, ensuring smooth deployments, and integrating various services efficiently is a commo ... Show More
37m 34s
Aug 19
Empowering Cross-Functional Product Teams with Tobias Dunn-Krahn and Doug Peete
Modern software teams typically rely on a patchwork of tools to manage planning, development, feature rollout, and post-release analysis. This fragmentation is a known challenge that can create friction and slow down software development iteration. It’s especially problematic for ... Show More
46m 28s
Aug 14
Carbon and Modernizing C++ with Chandler Carruth
Carbon is a programming language developed by Google as a successor to C++, and it aims to provide modern safety features while maintaining high performance. It’s designed to offer seamless interoperability with C++ while addressing shortcomings of C++ such as slow compilation ti ... Show More
1h 2m
Recommended Episodes
Oct 2024
Navigating NIST CSF 2.0: Guide to Frameworks and Governance
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it t ... Show More
36m 29s
Apr 2024
The role of Real Time Defense in Cloud Security
In this episode from KubeCon Paris 2024, we spoke to Loris Degioanni, Co-Founder and CTO of Sysdig about Open Source Project, Falco that celebrated its graduation this year at KubeconEU, Loris shared with us this proud moment and journey from writing the 1st lines of code to its ... Show More
21m 35s
May 24
From English Literature to Cybersecurity: A Journey Through Blockchain and Security
LINKS: https://distrust.co/software.html - Software page with OSS software Linux distro: https://codeberg.org/stagex/stagex Milksad vulnerability: https://milksad.info/ In this episode of Cybersecurity Today on the Weekend, host Jim Love engages in a captivating discussion with A ... Show More
54m 36s
Aug 2024
Securing SMBs Serving Defense Industrial Base and U.S. Critical Infrastructure
In this episode, Chris Petersen, Co-Founder and CEO of RADICL, and I discuss the challenges of securing the small and medium-sized businesses (SMBs) that serve the United States defense industrial base (DIB) and critical infrastructure. These SMBs play a significant role in suppo ... Show More
40m 59s
Aug 2024
From screen share to spyware.
Threat actors use a malicious Pidgin plugin to deliver malware. The BlackByte ransomware group is exploiting a recently patched VMware ESXi  vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a ... Show More
33m 35s
Nov 2024
151: Chris Rock
Chris Rock is known for being a security researcher. But he’s also a black hat incident responder. He tells us about a job he did in the middle east.https://x.com/chrisrockhackerSponsorsSupport for this show comes from Varonis. Do you wonder what your company’s ransomware blast r ... Show More
57m 57s
Apr 2025
Understanding SaaS Security: Insights, Challenges, and Best Practices
In this episode of Cybersecurity Today, host Jim Love delves into the topic of SaaS (Software as a Service) security. Sharing his early experiences promoting SaaS, Jim elaborates on its inevitable rise due to cost-effectiveness and shared development resources. The episode highli ... Show More
38m 5s
Apr 2025
Cybersecurity Today: Virtual Employees, AI Security Agents, and CVE Program Updates
In this episode of 'Cybersecurity Today,' host Jim Love discusses various pressing topics in the realm of cybersecurity. Highlights include Anthropic's prediction on AI-powered virtual employees and their potential security risks, Microsoft’s introduction of AI security agents to ... Show More
7m 47s
Aug 4
Cybersecurity Today: Hamilton's Ransomware Crisis and Emerging AI and OAuth Threats
In this episode of 'Cybersecurity Today,' host David Chipley discusses several major security incidents and threats. Hamilton, Ontario faces a $5 million insurance denial following a ransomware attack due to incomplete deployment of Multi-Factor Authentication (MFA). The episode ... Show More
9m 46s
Sep 2024
#685: [Beyond the API] Colm MacCárthaigh
In this conversation, Simon Elisha interviews Colm MacCárthaigh, Vice President and Distinguished Engineer at AWS, about his background in technology and his work at Amazon. They discuss topics such as Colm's first computer, his role in building the European sovereign cloud, and ... Show More
1h 3m
Listen to millions of songs and podcasts on Anghami