

StackHawk and Shift-Left API Security with Scott Gerlach
10 snips Mar 6, 2025
Scott Gerlach, Co-Founder and Chief Security Officer at StackHawk, shares insights on the critical role of APIs in modern software and their exposure to security threats. He discusses the importance of proactive security measures in software development, particularly around API vulnerabilities. The conversation touches on the evolving landscape of API security influenced by generative AI and automation. Gerlach also highlights the unique challenges faced by the financial sector regarding compliance and security, making a compelling case for integrating security throughout the development process.
AI Snips
GoDaddy Experience
- Scott Gerlach, StackHawk's CSO, shared his career journey in security.
- His experience at GoDaddy taught him valuable lessons due to its challenging security environment.
Reactive Security
- Developers are often the last to know about security vulnerabilities in their code.
- This reactive approach is a major problem in application security.
DAST vs. SAST
- DAST excels at identifying exploitable vulnerabilities in running applications, prioritizing actionable security issues.
- SAST pinpoints code-level issues but lacks context about exploitability, often generating noise.