Software Engineering Daily

StackHawk and Shift-Left API Security with Scott Gerlach

Mar 6, 2025

Scott Gerlach, Co-Founder and Chief Security Officer at StackHawk, shares insights on the critical role of APIs in modern software and their exposure to security threats. He discusses the importance of proactive security measures in software development, particularly around API vulnerabilities. The conversation touches on the evolving landscape of API security influenced by generative AI and automation. Gerlach also highlights the unique challenges faced by the financial sector regarding compliance and security, making a compelling case for integrating security throughout the development process.

46:08

Creator website

Episode guests

Scott Gerlach

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

API security is critical as the openness of APIs makes them vulnerable to threats, necessitating proactive vulnerability identification before deployment.

StackHawk's innovative testing solutions combine dynamic application security with source code context to enhance API vulnerability management and increase developer awareness.

Deep dives

The Importance of API Security

APIs play a crucial role in modern software systems, facilitating communication between various services and applications. However, their inherent openness also renders them susceptible to security threats, making API security a top priority for software development teams. Organizations need to be proactive about identifying and addressing vulnerabilities before they reach production, as reactive approaches can lead to significant risks and incidents. The conversation emphasizes the importance of integrating security practices into the development lifecycle to mitigate these risks effectively.

Intro

2min

Bridging Security Gaps in API Development

17min

Navigating API Security in the Age of Generative AI

6min

Navigating Emotions in Code Quality Feedback

2min

Navigating Automation and Security in Code Development

15min

Navigating API Security in the Financial Sector

2min

Exploring StackHawk and Personal Reflections on Career Growth

3min

APIs are a fundamental part of modern software systems and enable communication between services, applications, and third-party integrations. However, their openness and accessibility also make them a prime target for security threats, and this makes APIs a growing focus on software teams.

StackHawk is a company that scans and monitors source code to obtain the full scope of an organization’s APIs and applications, and runs tests to identify vulnerabilities and address them pre-production.

Scott Gerlach is the Co-Founder and Chief Security Officer at StackHawk and previously worked at SendGrid and GoDaddy. He has an extensive background running security operations and engineering and, in this episode, he joins the show to talk about the challenges around API security and leading-edge strategies to address them.

Full Disclosure: This episode is sponsored by 10kMedia (StackHawk).

Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.

Please click here to see the transcript of this episode.

Sponsorship inquiries: sponsor@softwareengineeringdaily.com

The post StackHawk and Shift-Left API Security with Scott Gerlach appeared first on Software Engineering Daily.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Software Engineering Daily

StackHawk and Shift-Left API Security with Scott Gerlach

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of API Security

StackHawk's Unique Approach to API Testing

Navigating API Sprawl and Complexity

The Future of Security in Software Development

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Software Engineering Daily

StackHawk and Shift-Left API Security with Scott Gerlach

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of API Security

StackHawk's Unique Approach to API Testing

Navigating API Sprawl and Complexity

The Future of Security in Software Development

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights