Episodes

  • S10 Bonus: Rohith Varanasi, Block Party
    Nov 7 2024

    Rohith Varanasi grew up in Jersey and had a chill childhood, playing video games and sports from a young age. He wanted to learn how to build a video game, and upon googling it, decided he should build a website first. At that point, he was hooked on coding. He got into jailbreaking the PlayStation and writing real code to mod games. Eventually, he got into hackathons and ended up building a web browser based on SMS called Cosmos, which went viral. Outside of tech, he is into paddle, loves going to the gym, and hanging with his girlfriend and their 1-year-old cat.

    Ro and his co-founder have been building a bunch of different consumer products. The latest product they built allows people to earn in-game rewards by walking, and to do so in a non-deterministic way. Under the hood, they are using generative AI to create endless outcomes and optimal replayability.

    This is the creation story of Block Party.

    Sponsors

    • Speakeasy
    • QA Wolf
    • SnapTrade

    Links

    • https://blockparty.game
    • https://www.linkedin.com/in/brohith/




    Support this podcast at — https://redcircle.com/code-story/donations

    Advertising Inquiries: https://redcircle.com/brands

    Privacy & Opt-Out: https://redcircle.com/privacy
    19 mins
  • S10 E8: Jason Harbert, Flowspace
    Nov 5 2024

    Jason Harbert grew up in the middle of nowhere, Ohio. He got into video games, which led him into programming... which led him to Linux and internet security and joining the hacking club. He studied computer science at the University of Cincinnati, but left his senior year to hit the startup scene in the Bay Area. Outside of tech, he lives in Ohio, and is married with a 13-month-old son. He loves to travel and spend time with his family, trying new restaurants.

    Jason and his co-founder, Ben, were having a beer, coming out of their prior startup life. Over the beer, Ben was sharing some stories about tight warehouse space and product distribution. They started to ask the question - how can you add flexibility to warehousing? They decided to set out and build something to create this solution.

    This is the creation story of Flowspace.

    Sponsors

    • Speakeasy
    • QA Wolf
    • SnapTrade

    Links

    • https://flow.space/
    • https://www.linkedin.com/in/jason-harbert/


    29 mins
  • The Haunted House of APIs - A Portal to the Beyond with Allison Averill
    Oct 30 2024
    The Haunted House of APIs

    Today, we are releasing another episode for Cybersecurity Awareness Month, in our series entitled the Haunted House of APIs, sponsored by our friends at Traceable AI. In this series, we are building awareness around APIs, their security risks – and what you can do about them. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your APIs with contextual API security, enabling organizations to minimize risk and maximize the value APIs bring to their customers.

    A Portal to the Beyond: Securing Gen AI and other Third-Party APIs in Your Applications

    Today’s episode is titled A Portal to the Beyond: Securing Gen AI and other Third-Party APIs in Your Applications, with Allison Averill. Developers are building exciting new features with Gen AI, often leveraging 3rd party APIs. Doing this isn’t new, but are these integrations secure? These APIs open a portal to the beyond – and introduce supply chain risk to your applications. Allison is a Generative AI and product management expert at Traceable, and she will explore the risks lurking in generative AI and other 3rd party APIs, sharing best practices for securing these integrations, so you can ensure they don’t become the stuff of security horror stories.

    1. How are application developers leveraging 3rd party APIs today, and how is the landscape changing?
    2. How do third-party APIs introduce risks to applications and what are some common mistakes organizations make when integrating with third party APIs?
    3. How are generative AI APIs different from other third party APIs? What unique risks do they introduce?
    4. Have you encountered any 'nightmare' scenarios where an insecure third-party API caused a security incident?
    5. What best practices should organizations follow to ensure secure integrations?
    6. How can organizations balance the need for innovation with the necessity of maintaining strict security controls when working with external partners?

    Sponsors

    • Traceable

    Links

    • https://www.traceable.ai/
    • https://www.linkedin.com/in/allisonaverill/



    25 mins
  • The Haunted House of APIs - Phantom Threats with Adam Arellano
    Oct 29 2024
    The Haunted House of APIs

    Today, we are releasing another episode for Cybersecurity Awareness Month, in our series entitled the Haunted House of APIs, sponsored by our friends at Traceable AI. In this series, we are building awareness around APIs, their security risks – and what you can do about them. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your APIs with contextual API security, enabling organizations to minimize risk and maximize the value APIs bring to their customers.

    Phantom Threats: The Ghosts Haunting Your API Security

    Today’s episode is titled Phantom Threats: The Ghosts Haunting Your API Security, with Adam Arellano. API security threats often go unnoticed, hiding like ghosts in your infrastructure. Bots, sophisticated fraud attempts, account takeovers and attackers disguising themselves within legit traffic… these all pose risk to your organization, and can bypass traditional security measures, wreaking havoc without detection – until it’s too late. Adam is a tech advisor, Global CISO at Traceable, and will guide listeners through the world of phantom threats haunting API security.

    1. What are "phantom threats" in the context of API security, and how do they go undetected?
    2. Can you explain how advanced botnets and fraud attempts exploit APIs while blending into legitimate traffic?
    3. Do you have a real-world example of a phantom threat that caused significant damage to an organization?
    4. What makes detecting these phantom threats so challenging, and why do traditional security measures often fail?
    5. What are the best strategies or technologies organizations can adopt to detect and eliminate these hidden threats before they cause harm?

    Sponsors

    • Traceable

    Links

    • https://www.traceable.ai/
    • https://www.linkedin.com/in/adamrossarellano/




    18 mins
  • S10 E8: Shashwat Sehgal, P0 Security
    Oct 28 2024

    Shashwat Sehgal has been in the tech industry broadly for 15 years. He started out as an engineer, but eventually worked his way towards product and the business side. Outside of tech, he enjoys spending time with his family. He's into sports, loves to play tennis, but admits he hasn't played pickleball yet because the courts are always booked. He also enjoys reading, in particular historical narratives or autobiographies.

    In his prior years, Shashwat noticed that developers spend a large amount of time securing business assets in the cloud. He dreamt of a world where this was just an abstraction layer on top of the cloud, making it easier for developers to complete the task.

    This is the creation story of P0 Security.

    Sponsors

    • P0 Security
    • Speakeasy
    • QA Wolf
    • SnapTrade

    Links

    • https://p0.dev/
    • https://www.linkedin.com/in/shashwatsehgal/




    21 mins
  • The Haunted House of APIs - The Haunted Web of APIs with Richard Bird
    Oct 24 2024
    The Haunted House of APIs

    Today, we are releasing another episode for Cybersecurity Awareness Month, in our series entitled the Haunted House of APIs, sponsored by our friends at Traceable AI. In this series, we are building awareness around APIs, their security risks – and what you can do about them. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your APIs with contextual API security, enabling organizations to minimize risk and maximize the value APIs bring to their customers.

    The Haunted Web: Navigating API Sprawl and Creepy Crawlers

    Today’s episode is titled The Haunted Web: Navigating API Sprawl and Creepy Crawlers, with Traceable’s Chief Security Officer, Richard Bird. As organizations scale and evolve, so does the complexity of their APIs. API sprawl, the uncontrolled expansion of APIs, creates a tangled web where vulnerabilities linger in the shadows. These unseen APIs become “creepy crawlers” of your digital infrastructure, creeping through your systems and posing security risks. Richard will discuss how unmanaged and undocumented APIs contribute to blind spots in security, the risks they create for organizations and the best strategies for securing a sprawling ecosystem.

    Discussion questions:

    1. Can you explain what we mean by "unknown APIs" and the different types, like shadow, rogue, zombie, and undocumented?
    2. Why do these APIs often go unnoticed, and how do they become security risks?
    3. What makes these APIs such an attractive target for attackers, and can you share an example of how one has been exploited?
    4. How can organizations begin to uncover these hidden APIs, and what tools or strategies are effective in doing so?
    5. In your experience, what are some common mistakes organizations make that lead to these unknown APIs being created or overlooked?

    Sponsors

    • Traceable

    Links

    • https://www.traceable.ai/
    • https://www.linkedin.com/in/rbird/
    • https://richardbird.com/


    20 mins
  • The Haunted House of APIs - The Dark Corners of APIs with Katie Paxton-Fear
    Oct 23 2024
    The Haunted House of APIs

    Today, we are releasing another episode for Cybersecurity Awareness Month, in our series entitled the Haunted House of APIs, sponsored by our friends at Traceable AI. In this series, we are building awareness around APIs, their security risks – and what you can do about them. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your APIs with contextual API security, enabling organizations to minimize risk and maximize the value APIs bring to their customers.

    The Dark Corners of APIs: Uncovering Unknown APIs Lurking in the Shadows

    Our episode today is titled The Dark Corners of APIs: Uncovering Unknown APIs Lurking in the Shadows, where we speak with Katie Paxton-Fear. APIs are the gateway to your digital infrastructure, but hidden deep in the recesses of your system are unknown APIs – shadow, rogue, zombie, and undocumented APIs. Each of these presents a unique threat to your organization and can be exploited by hackers. Katie is an API hacker and researcher, and today, she will take us on a journey through the API graveyards, where hidden APIs lurk, waiting to be exploited – sharing real-life examples of how these APIs have been attacked, and best practices for ensuring they don’t become your company’s next security nightmare.

    Discussion questions:

    1. Can you explain what we mean by "unknown APIs" and the different types, like shadow, rogue, zombie, and undocumented?
    2. Why do these APIs often go unnoticed, and how do they become security risks?
    3. What makes these APIs such an attractive target for attackers, and can you share an example of how one has been exploited?
    4. How can organizations begin to uncover these hidden APIs, and what tools or strategies are effective in doing so?
    5. In your experience, what are some common mistakes organizations make that lead to these unknown APIs being created or overlooked?

    Sponsors

    • Traceable

    Links

    • https://www.traceable.ai/
    • https://www.linkedin.com/in/katiepf/
    • https://insiderphd.dev/
    • Katie's YouTube Channel




    17 mins
  • The Haunted House of APIs - The Witch’s Brew with Jayesh Ahire
    Oct 22 2024
    The Haunted House of APIs

    The Witch’s Brew: Stirring Up OWASP Vulnerabilities and API Testing

    Today, we are kicking off an amazing series for Cybersecurity Awareness Month, entitled the Haunted House of APIs, sponsored by our friends at Traceable AI. In this series, we are building awareness around APIs, their security risks – and what you can do about them. Traceable AI is building One Platform to secure every API, so you can discover, protect, and test all your APIs with contextual API security, enabling organizations to minimize risk and maximize the value APIs bring to their customers.

    In today’s episode, we will be talking with Jayesh Ahire, an expert in API testing and OWASP, who will guide us through the "brew" of common vulnerabilities that haunt API ecosystems, focusing on the OWASP Top 10 for APIs. He’ll share how organizations can use API security testing to spot and neutralize these vulnerabilities before they become major exploits. By emphasizing proactive security measures, Jayesh will offer insights into creating a strong API testing framework that keeps malicious actors at bay.

    Discussion questions:

    1. What are some of the most common vulnerabilities in APIs that align with the OWASP Top 10, and why are they so dangerous?
    2. Why is API security testing crucial for detecting these vulnerabilities early, and how does it differ from traditional security testing?
    3. Can you share an example of how an overlooked API vulnerability led to a significant security breach?
    4. How can organizations create an effective API testing framework that addresses these vulnerabilities?
    5. What tools or methods do you recommend for continuously testing APIs and ensuring they remain secure as they evolve?

    Sponsors

    • Traceable

    Links

    • https://www.traceable.ai/
    • https://www.linkedin.com/in/jayesh-ahire/
    • https://owasp.org/




    21 mins