logo
episode-header-image
Mar 2025
46m 8s

StackHawk and Shift-Left API Security wi...

Software Engineering Daily
About this episode

APIs are a fundamental part of modern software systems and enable communication between services, applications, and third-party integrations. However, their openness and accessibility also make them a prime target for security threats, and this makes APIs a growing focus on software teams.

StackHawk is a company that scans and monitors source code to obtain the full scope of an organization’s APIs and applications, and runs tests to identify vulnerabilities and address them pre-production.

Scott Gerlach is the Co-Founder and Chief Security Officer at StackHawk and previously worked at SendGrid and GoDaddy. He has an extensive background running security operations and engineering and, in this episode, he joins the show to talk about the challenges around API security and leading-edge strategies to address them.

Full Disclosure: This episode is sponsored by 10kMedia (StackHawk).

Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.

 

Please click here to see the transcript of this episode.

Sponsorship inquiries: sponsor@softwareengineeringdaily.com

 

The post StackHawk and Shift-Left API Security with Scott Gerlach appeared first on Software Engineering Daily.

Up next
Yesterday
Scaling AI in Enterprise Codebases with Guy Gur-Ari
The rise of language-model coding assistants has led to the creation of the vibe coding paradigm. In this mode of software development, AI agents take a plain language prompt and generate entire applications, which dramatically lowers the barriers to entry and democratizes access ... Show More
52m 5s
Oct 7
SED News: NVIDIA Bets on Intel, Meta’s Demo Crash, and Anthropic’s Explosive Growth
SED News is a monthly podcast from Software Engineering Daily where hosts Gregor Vand and Sean Falconer unpack the biggest stories shaping software engineering, Silicon Valley, and the broader tech industry. In this episode, they cover NVIDIA‘s $5B investment in Intel and $100M s ... Show More
53m 23s
Oct 2
Orkes and Agentic Workflow Orchestration with Viren Baraiya
Modern software systems are composed of many independent microservices spanning frontends, backends, APIs, and AI models, and coordinating and scaling them reliably is a constant challenge. A workflow orchestration platform addresses this by providing a structured framework to de ... Show More
46m 44s
Recommended Episodes
Oct 2024
Navigating NIST CSF 2.0: Guide to Frameworks and Governance
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it t ... Show More
36m 29s
Apr 2024
The role of Real Time Defense in Cloud Security
In this episode from KubeCon Paris 2024, we spoke to Loris Degioanni, Co-Founder and CTO of Sysdig about Open Source Project, Falco that celebrated its graduation this year at KubeconEU, Loris shared with us this proud moment and journey from writing the 1st lines of code to its ... Show More
21m 35s
May 2025
From English Literature to Cybersecurity: A Journey Through Blockchain and Security
LINKS: https://distrust.co/software.html - Software page with OSS software Linux distro: https://codeberg.org/stagex/stagex Milksad vulnerability: https://milksad.info/ In this episode of Cybersecurity Today on the Weekend, host Jim Love engages in a captivating discussion with A ... Show More
54m 36s
Jun 2025
Vibe Coding vs Low-Code/No-Code: Security Risks and CI/CD Pipeline Impacts for Citizen Developers
Explore the evolution from traditional coding to vibe coding and its relationship with low-code/no-code (LCNC) platforms. This comprehensive analysis examines how AI-assisted development and visual programming tools are creating a new generation of citizen developers, transformin ... Show More
9m 42s
Aug 2024
Securing SMBs Serving Defense Industrial Base and U.S. Critical Infrastructure
In this episode, Chris Petersen, Co-Founder and CEO of RADICL, and I discuss the challenges of securing the small and medium-sized businesses (SMBs) that serve the United States defense industrial base (DIB) and critical infrastructure. These SMBs play a significant role in suppo ... Show More
40m 59s
Aug 2024
From screen share to spyware.
Threat actors use a malicious Pidgin plugin to deliver malware. The BlackByte ransomware group is exploiting a recently patched VMware ESXi  vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a ... Show More
33m 35s
Apr 2025
Understanding SaaS Security: Insights, Challenges, and Best Practices
In this episode of Cybersecurity Today, host Jim Love delves into the topic of SaaS (Software as a Service) security. Sharing his early experiences promoting SaaS, Jim elaborates on its inevitable rise due to cost-effectiveness and shared development resources. The episode highli ... Show More
38m 5s
Apr 2025
Cybersecurity Today: Virtual Employees, AI Security Agents, and CVE Program Updates
In this episode of 'Cybersecurity Today,' host Jim Love discusses various pressing topics in the realm of cybersecurity. Highlights include Anthropic's prediction on AI-powered virtual employees and their potential security risks, Microsoft’s introduction of AI security agents to ... Show More
7m 47s
Oct 2024
Balancing Security with Usability in Cybersecurity
In this episode of Threat Vector, host David Moulton talks with guest speaker Brian Wrozek, Forrester Principal Analyst in Security & Risk, about the complexities of aligning security strategies across global teams. Brian draws on his extensive experience in cybersecurity, operat ... Show More
41m 41s
Mar 2025
Understanding Insider Threats With Eran Barak, CEO of MIND: Cyber Security Today for March 8, 2025
Understanding Insider Threats in Cybersecurity with Eran Barak Join host Jim Love as he discusses the critical issue of insider threats in cybersecurity with Eran Barak, CEO of MIND, a data security firm. In this episode, they explore the various types of insider threats, from in ... Show More
35m 49s
Listen to millions of songs and podcasts on Anghami