Episodes

  • The Haunted House of API's

    Today, we are releasing another episode for Cybersecurity Awareness month, in our series entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

    A Portal to the Beyond: Securing Gen AI and other Third-Party APIs in Your Applications

    Today’s episode is titled A Portal to the Beyond: Securing Gen AI and other Third-Party APIs in Your Applications, with Allison Averill. Developers are building exciting new features with Gen AI, often leveraging 3rd party APIs. Doing this isn’t new, but are these integrations secure? These APIs open a portal to the beyond – and introduce supply chain risk to your applications. Allison is a Generative AI and product management expert at Traceable, and she will explore the risks lurking in generative AI and other 3rd party APIs, sharing best practices for securing these integrations, so you can ensure they don’t become the stuff of security horror stories.

    How are application developers leveraging 3rd party APIs today, and how is the landscape changing?
    How do third-party APIs introduce risks to applications and what are some common mistakes organizations make when integrating with third party APIs?
    How are generative AI APIs different from other third party APIs? What unique risks do they introduce?
    Have you encountered any 'nightmare' scenarios where an insecure third-party API caused a security incident?
    What best practices should organizations follow to ensure secure integrations?
    How can organizations balance the need for innovation with the necessity of maintaining strict security controls when working with external partners?

    Sponsors

    Traceable

    Links

    https://www.traceable.ai/
    https://www.linkedin.com/in/allisonaverill/

    Support this podcast at — https://redcircle.com/code-story/donations

    Advertising Inquiries: https://redcircle.com/brands

    Privacy & Opt-Out: https://redcircle.com/privacy
  • The Haunted House of API's

    Today, we are releasing another episode for Cybersecurity Awareness month, in our series entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

    Phantom Threats: The Ghosts Haunting Your API Security

    Today’s episode is titled Phantom Threats: The Ghosts Haunting Your API Security, with Adam Arellano. API security threats often go unnoticed, hiding like ghosts in your infrastructure. Bots, sophisticated fraud attempts, account takeovers and attackers disguising themselves within legit traffic… these all pose risk to your organization, and can bypass traditional security measures, wreaking havoc without detection – until it’s too late. Adam is a tech advisor, Global CISO at Traceable, and will guide listeners through the world of phantom threats haunting API security.

    What are "phantom threats" in the context of API security, and how do they go undetected?
    Can you explain how advanced botnets and fraud attempts exploit APIs while blending into legitimate traffic?
    Do you have a real-world example of a phantom threat that caused significant damage to an organization?
    What makes detecting these phantom threats so challenging, and why do traditional security measures often fail?
    What are the best strategies or technologies organizations can adopt to detect and eliminate these hidden threats before they cause harm?

    Sponsors

    Traceable

    Links

    https://www.traceable.ai/
    https://www.linkedin.com/in/adamrossarellano/


  • Shashwat Sehgal has been in the tech industry broadly for 15 years. He started out as an engineer, but eventually worked his way towards product and the business side. Outside of tech, he enjoys spending time with his family. He's into sports, loves to play tennis, but admits he hasn't played pickleball yet because the courts are always booked. He also enjoys reading, in particular historical narratives or autobiographies.

    In his prior years, Shashwat noticed that developers spend a large amount of time securing business assets in the cloud. He dreamt of a world where this was just an abstraction layer on top of the cloud, making it easier for developers to complete the task.

    This is the creation story of P0 Security.

    Sponsors

    P0 Security
    Speakeasy
    QA Wolf
    SnapTrade

    Links

    https://p0.dev/
    https://www.linkedin.com/in/shashwatsehgal/

  • The Haunted House of API's

    Today, we are releasing another episode for Cybersecurity Awareness month, in our series entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

    The Haunted Web: Navigating API Sprawl and Creepy Crawlers

    Today’s episode is titled The Haunted Web: Navigating API Sprawl and Creepy Crawlers, with Traceable’s Chief Security Officer, Richard Bird. As organizations scale and evolve, so does the complexity of their APIs. API sprawl, the uncontrolled expansion of APIs, creates a tangled web where vulnerabilities linger in the shadows. These unseen APIs become “creepy crawlers” of your digital infrastructure, creeping through your systems and posing security risks. Richard will discuss how unmanaged and undocumented APIs contribute to blind spots in security, the risks they create for organizations and the best strategies for securing a sprawling ecosystem.

    Discussion questions:

    Can you explain what we mean by "unknown APIs" and the different types, like shadow, rogue, zombie, and undocumented?
    Why do these APIs often go unnoticed, and how do they become security risks?
    What makes these APIs such an attractive target for attackers, and can you share an example of how one has been exploited?
    How can organizations begin to uncover these hidden APIs, and what tools or strategies are effective in doing so?
    In your experience, what are some common mistakes organizations make that lead to these unknown APIs being created or overlooked?

    Sponsors

    Traceable

    Links

    https://www.traceable.ai/
    https://www.linkedin.com/in/rbird/
    https://richardbird.com/

  • The Haunted House of API's

    Today, we are releasing another episode for Cybersecurity Awareness month, in our series entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

    The Dark Corners of APIs: Uncovering Unknown APIs Lurking in the Shadows

    Our episode today is titled The Dark Corners of APIs: Uncovering Unknown API’s lurking in the shadows, where we speak with Katie Paxton-Fear. APIs are the gateway to your digital infrastructure, but hidden deep in the recesses of your system are unknown APIs – shadow, rogue, zombie, and undocumented API’s. Each of these presents a unique threat to your organization and can be exploited by hackers. Katie is an API hacker and researcher, and today, she will take us on a journey through the API graveyards, where hidden APIs lurk, waiting to be exploited – sharing real life examples of how these API’s have been attacked, and best practices for ensuring they don’t become your company's next security nightmare.

    Discussion questions:

    Can you explain what we mean by "unknown APIs" and the different types, like shadow, rogue, zombie, and undocumented?
    Why do these APIs often go unnoticed, and how do they become security risks?
    What makes these APIs such an attractive target for attackers, and can you share an example of how one has been exploited?
    How can organizations begin to uncover these hidden APIs, and what tools or strategies are effective in doing so?
    In your experience, what are some common mistakes organizations make that lead to these unknown APIs being created or overlooked?

    Sponsors

    Traceable

    Links

    https://www.traceable.ai/
    https://www.linkedin.com/in/katiepf/
    https://insiderphd.dev/
    Katie's YouTube Channel

  • The Haunted House of API's

    The Witch’s Brew: Stirring Up OWASP Vulnerabilities and API Testing

    Today, we are kicking off an amazing series for Cybersecurity Awareness month, entitled the Haunted House of API’s, sponsored by our friends at Traceable AI. In this series, we are building awareness around API’s, their security risks – and what you can do about it. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your API's with contextual API security, enabling organizations to minimize risk and maximize the value API's bring to their customers.

    In today’s episode, we will be talking with Jayesh Ahire, an expert in API testing and OWASP, who will guide us through the "brew" of common vulnerabilities that haunt API ecosystems, focusing on the OWASP Top 10 for APIs. He’ll share how organizations can use API security testing to spot and neutralize these vulnerabilities before they become major exploits. By emphasizing proactive security measures, Jayesh will offer insights into creating a strong API testing framework that keeps malicious actors at bay.

    Discussion questions:

    What are some of the most common vulnerabilities in APIs that align with the OWASP Top 10, and why are they so dangerous?
    Why is API security testing crucial for detecting these vulnerabilities early, and how does it differ from traditional security testing?
    Can you share an example of how an overlooked API vulnerability led to a significant security breach?
    How can organizations create an effective API testing framework that addresses these vulnerabilities?
    What tools or methods do you recommend for continuously testing APIs and ensuring they remain secure as they evolve?

    Sponsors

    Traceable

    Links

    https://www.traceable.ai/
    https://www.linkedin.com/in/jayesh-ahire/
    https://owasp.org/

  • Elkhan Shabanov was born in the Soviet Union, and started out in the tech world. He eventually left tech to try some other types of businesses, but eventually returned. He has done a few early stage startups in the past, in particular in the 3d printing space before it was cool. Six years ago, he joined his current venture. Outside of tech, he enjoys traveling, and is in a competition with his daughter to see how many countries he can visit. When he reads, he prefers to go back to the books he has read and enjoyed before, and being in Texas, he is a big fan of grilling out on his big green egg.

    As I mentioned, six years ago Elkhan joined a company that wanted to be more than a software development shop. He and the founder of the company wanted to build a company that did more than throw bodies at a problem - but actually became a long term partner to their clients.

    This is the creation story of Digicode.

    Sponsors

    Speakeasy
    QA Wolf
    SnapTrade

    Links

    https://www.mydigicode.com/
    https://www.linkedin.com/in/elkhanshabanov/

  • Vishal Agarwal was born in India, and did his schooling in Darjeeling. He noted that this city exports some of the best tea in the world! Prior to his current venture, he was the chief marketing officer for Choxi. Outside of tech, he is an avid tennis lover and follows cricket and basketball closely. Though, he admits, now that he has a 2.5 year old child, his time is mostly dedicated to him.

    In attempting to solve the problem of "splitting the check", Vishal discovered that restaurants had a real problem with having multiple tablets for the many order and delivery services - like GrubHub, DoorDash, etc. When he saw this problem proliferate, he validated that people were willing to pay for a solution.

    This is the creation story of Checkmate.

    Sponsors

    Speakeasy
    QA Wolf
    SnapTrade

    Links

    https://www.itsacheckmate.com/
    https://www.linkedin.com/in/vishalagarwal82/

  • Heiki Riesenkampf is from a tiny country called Estonia, later studying computer science in London and doing his post grad in Zurich. He has been into machine learning since before all of the hype it has now. Outside of technology, he dreams of being a macroeconomist, and spends a ton of time reading about the topic. He lives in New York now, and frequently takes in the architecture, fashion and local art scene.

    Previously, Heiki spent time working for a VC, eventually building a product in a completely different domain. After personally realizing that he didn't want to be known for the product he was building, he pivoted towards building something that impacted him personally as an immigrant.

    This is the creation story of Commonbase.

    Sponsors

    P0 Security
    Speakeasy
    QA Wolf
    SnapTrade

    Links

    https://commonbase.com/
    https://www.linkedin.com/in/heikir

  • Guy Guzner got his first computer when he was 5, which was a Commodore 64, where he learned to program in BASIC. As a teen, he started getting into the internet, back with dialup and a modem. He started hacking into places where he shouldn't be, and eventually got into trouble - but now, he has flipped that for good and works to protect systems. Outside of tech, he plays tennis, and likes to ski. He also plays guitar, jamming Led Zeppelin and 80's / 90's rock.

    After selling his past company to Symantec, he stayed on to help existing and future companies. What he realized was that people were still mis-using their identities. He observed this behavior, and decided to take identity to the next level.

    This is the creation story of Savvy Security.

    Sponsors

    P0 Security
    Speakeasy
    QA Wolf
    SnapTrade

    Links

    https://www.savvy.security/
    https://www.linkedin.com/in/guyguzner/

  • Rob Grazioli started his life in Brooklyn NY, but moved to Italy for his Dad's job, and lived there from age 5 to 13. He ended up moving back to the states for High School and College, and finds that it's difficult to separate tech and work from his life. Outside of tech, he enjoys exercising, and has always been an athlete, most recently picking up basketball. He really loves to make things, learn how things work, and to munch on Oreos.

    Eight years ago, Rob and his partners started a company called Density, allowing businesses to count the number of people in a room. After growing that business, Rob realized that he wanted to get back to building things. And, after working with early businesses, he found his passion in being founders for hire.

    This is the creation story of Bread.

    Sponsors

    P0 Security
    Speakeasy
    QA Wolf
    SnapTrade

    Links

    https://www.madebybread.com/
    https://www.linkedin.com/in/robert-j-grazioli/

  • Sebastian Raffaele grew up in a small, working class family in Australia. He had a crazy life, growing up in social housing, having to find his way. He found inspiration from his family members, who always pushed him to follow his passions. He left high school early, and jumped straight away into the work force. In 2014 he was introduced to crypto, and got hooked. Outside of tech and finance, he has always been into the creative spaces, specifically music. He likes to spend time with his fiancé, likes trying new foods, and tries to surround himself with high quality people.

    Sebastian realized that the manual processes for a trader are overwhelming, along with making it difficult to be consistent. And alongside this, he saw the cycle of manual traders returning the money they made to the market - sort of like "the house always wins" in casinos. He wanted to build something to close the gap for these traders, and solve this problem.

    This is the creation story of Minotaur Trading Systems.

    Sponsors

    P0 Security
    Speakeasy
    QA Wolf
    SnapTrade

    Links

    https://minotaurtradingsystems.com/

  • Adam Pisk lives in Sydney, Australia, and just turned 45. He has 5 year old twins, and at the time of this recording, had just taken them on a trip to explore theme parks. He enjoys good wine, good steak, and good people. And the best place you can get a steak? In his backyard on his pit. Outside of this, as he puts it, he is unfortunately one of those people that really enjoys their work. IE, considers it a hobby.

    Adam started his outsourcing journey in 2001, specifically in the manufacturing industry. He couldn't get the engineers he needed, and built an offshore engineering team. Once he got that working, he wondered what else he could outsource. Eventually, he offshored operations for a different company, and noticed all metrics improved. He then realized there is something to this.

    This is the creation story of Bruntwork.

    Sponsors

    P0 Security
    Speakeasy
    QA Wolf

    Links

    https://www.bruntwork.co/
    https://www.linkedin.com/in/adampisk/

  • In August of 2021, we interviewed Brendan Wood on the podcast to tell the creation story of Passiv. After the recording, the company decided to pivot into a new market, focusing on solving their biggest pain point for other platforms. They were running into the problems surrounding integrations into brokers. In fact, they were spending 80% of engineering time on integrations. People started to reach out to his team to ask if they could use the integrations... and they started ideating about making this its own product.

    This is the creation story of SnapTrade.

    Sponsors

    P0 Security
    Speakeasy
    QA Wolf

    Links

    https://snaptrade.com/
    https://www.linkedin.com/in/brendancalebwood/
    https://codestory.co/podcast/bonus-brendan-wood-passiv/

  • Hello listeners.

    Today, I have an awesome follow-up episode from our friends at Swob. You may remember our episode with Stephanie Florio in Season 6 over 2 years ago, where she clued us in on the creation story of the company. Today, I'm speaking with her co-founder and brother, Alex, to hear the update on Swob and what the team has been up to since then. Have a listen now.

    It's very cool to hear the successful update with Swob, adding over 7 million jobs to the platform, scaling for businesses and candidates, and ensuring they have the right team in place to carry out the vision.

    If you would like to learn more about Swob, go to swobapp.com.

    Sponsors

    P0 Security
    Speakeasy
    QA Wolf

    Links

    https://www.swobapp.com/
    https://www.linkedin.com/in/alexanderflorio/
    https://www.linkedin.com/in/stephanie-florio-51397765/
    https://codestory.co/podcast/bonus-stephanie-florio-swob/

  • Kevin Hurley grew up in a multi-kid house, which is where he got his competitive nature. He used to play 2 on 2 with his Dad and siblings at home. He went to school for electrical engineering, and funny enough, interviewed for a computer science job by accident, effectively stumbling into the trade. Outside of tech, he spends his free time with his fiancé, planning for the wedding, and visiting Manhattan beach for a good walk.

    Kevin was part of the team that attempted to launch crypto at Facebook. Although that didn't work out, they realized that the backbone of the system needed to be built on something more common - and something that was lightning fast.

    This is the creation story of Lightspark.

    Sponsors

    P0 Security
    Speakeasy
    QA Wolf

    Links

    https://www.lightspark.com/
    https://www.linkedin.com/in/kevin-p-hurley/

  • Hello listeners.

    Today, I have an incredible follow-up episode from our friends at Turso. You may remember our episode with Glauber Costa in Season 8, where he told us the creation story of the platform. Today, I'm speaking with his co-founder, Pekka, to hear the update on Turso and what the team has been building over the past year.

    Now with Turso, you can not only have embedded replicas on your device or browser, with multi-tenancy and syncing to Turso's edge network - but now the tool powers vector search from on the device itself, leading to natively serverless, low latency SQLite production loads. Turso continues to push the envelope with their product, expanding use cases for developers.

    If you would like to learn more about Turso, go to turso.tech. If you'd like to learn more specifically about vector search, go to turso.tech/vector.

    Sponsors

    Speakeasy

    Links

    https://turso.tech/
    https://turso.tech/vector
    https://codestory.co/podcast/bonus-glauber-costa-turso/
    https://codestory.co/podcast/bonus-dor-laor-scylladb/

  • Matt Van Itallie is the son of a math teacher and a coder - so this explains why he now uses code as data. He is a proud Boy Scout, making it of course to Eagle Scout and beyond. After being a management consultant, he found his way to ed tech, and fell in love with improving code. Outside of technology, he is married with 3 amazing kids. He likes to run, play ultimate frisbee, and has a wicked cool collection of minor league baseball hats.

    Sitting in a room with the head of Sales, Matt noticed that there were systems like Salesforce that were built to assess the state and future opportunity for business. He then thought, where are these systems for the code itself?

    This is the creation story of Sema.

    Sponsors

    Speakeasy

    Links

    https://www.semasoftware.com/
    https://www.linkedin.com/in/mvi/

  • Anurag Goel grew up in New Delhi, but moved to Boston after college for his first job. He worked at Stripe, as the 8th employee, before eventually moving on and launching his current venture. Outside of tech, he is married, living in San Francisco. He likes to read science fiction, especially prior to bedtime. He also enjoys eating Thai food on the regular, though he mentioned he could eat pizza every day.

    Post leaving Stripe, Anurag decided to work on an ambitious problem, and he started doing this by building a bunch of stuff in many different domains. After noticing a common problem in building out Kubernetes, he decided to start a new business to abstract these problems, and allow builders to focus on the differentiating factors to their solutions.

    This is the creation story of Render.

    Sponsors

    Speakeasy

    Links

    https://render.com/
    https://www.linkedin.com/in/anuragoel/

  • Sagar Batchu was born in Sacramento, but moved to Bangalore after a decade. He has always been interested in how things work, and majored in Physics at his University. Towards the end of his studies, he crammed in a ton of CS classes and fell in love with the craft. He's worked on firmware, enterprise software, and eventually went to LiveRamp, building new experiences for them. Outside of tech, he loves pickleball, enjoys growing coffee and loves reading about historical events.

    In his past, Sagar and his team took on an API initiative to invest in internal API experience. Through this project, he spent a lot of time thinking about how to make this happen. He immediately saw the need across the industry, with the absence of time and money to fill the need. He decided to take it on and start a company.

    This is the creation story of Speakeasy.

    Sponsors

    Speakeasy

    Links

    https://www.speakeasy.com/
    https://www.linkedin.com/in/sagar-batchu-981b3738/
