Guest: Scott Gerlach (LinkedIn)
Company: StackHawk (Twitter)
Show: Let’s Talk
StackHawk is an application and API security testing platform that enables users to automate the testing of APIs and applications. The company aims to help developers understand what the problems are so that they can fix them to produce safe software quickly within their organization.
One of the key problems in application security is knowing what things you need to test. StackHawk’s recently launched GitHub Insights to help solve this problem by enabling security teams to connect what code is being written to the applications that are being produced. According to Scott Gerlach, CSO and Co-Founder at StackHawk, “The new feature lets developers connect to GitHub repositories, map them, and help create applications in the StackHawk application stack platform. Developers can test the repositories and see insights while connecting the different teams working on an application.”
There is a risk that security teams could potentially hinder or slow down the development team. However, the role of security teams should be to build in safety nets and protection mechanisms that help people make good decisions and help the product go fast. By having a process in place to help with the security testing in a way that connects the security and development teams, the product will get to market quickly and the business will create value for customers.
Generative AI is still garnering a lot of attention and it is predicted will cause an explosion of APIs across the landscape. While it does have a lot of benefits such as helping to write code better and writing data queries better across multiple data sources, it can also introduce new problems and vulnerabilities. By testing it, you are ensuring that the generative AI is helping you go fast and not introducing new problems. On the flip side, StackHawk can help with testing LLMs, looking at the inputs that go into an LLM interface, and seeing what comes out.
Many executive teams and boardrooms are becoming more aware of the need to understand and build in security. Yet security is built on the three key pillars of people, processes, and technology and many organizations still have work to be done in ensuring they have all three covered. With the commonly accepted ratio of 1 security professional to every 100 developers, security teams must have tooling that helps them engage other team members. By working together, they can better manage the security risk and ensure it is effective across the organization.
This summary was written by Emily Nicholls.





