The Secure Developer

Snyk
  • 4,7 (21)
  • TECHNOLOGIES
  • TOUTES LES 2 SEMAINES
The Secure Developer

Securing the future of DevOps and AI: real talk with industry leaders.

  1. Open Authorization In The World Of AI With Aaron Parecki

    10 JUIN

    Open Authorization In The World Of AI With Aaron Parecki

    Episode Summary How do we apply the battle-tested principles of authentication and authorization to the rapidly evolving world of AI and Large Language Models (LLMs)? In this episode, we're joined by Aaron Parecki, Director of Identity Standards at Okta, to explore the past, present, and future of OAuth.  We dive into the lessons learned from the evolution of OAuth 1.0 to 2.1, discuss the critical role of standards in securing new technologies, and unpack how identity frameworks can be extended to provide secure, manageable access for AI agents in enterprise environments. Show Notes In this episode, host Danny Allan is joined by a very special guest, Aaron Parecki, the Director of Identity Standards at Okta, to discuss the critical intersection of identity, authorization, and the rise of artificial intelligence. Aaron begins by explaining the history of OAuth, which was created to solve the problem of third-party applications needing access to user data without the user having to share their actual credentials. This foundational concept of delegated access has become ubiquitous, but as technology evolves, so do the challenges. Aaron walks us through the evolution of the OAuth standard, from the limitations of OAuth 1 to the flexibility and challenges of OAuth 2, such as the introduction of bearer tokens. He explains how the protocol was intentionally designed to be extensible, allowing for later additions like OpenID Connect to handle identity and DPoP to enhance security by proving possession of a token. This modular design is why he is now working on OAuth 2.1—a consolidation of best practices—instead of a complete rewrite. The conversation then shifts to the most pressing modern challenge: securing AI agents and LLMs that need to interact with multiple services on a user's behalf. Aaron details the new "cross-app access" pattern he is working on, which places the enterprise Identity Provider (IDP) at the center of these interactions. This approach gives enterprise administrators crucial visibility and control over how data is shared between applications, solving a major security and management headache. For developers building in this space today, Aaron offers practical advice: leverage individual user permissions through standard OAuth flows rather than creating over-privileged service accounts. Links OktaOpenID FoundationIETFThe House Files PDX (YouTube Channel)WIMSEAuthZEN Working Groupaaronpk on GitHubSnyk - The Developer Security Company Follow Us Our WebsiteOur LinkedIn

    36 min
  2. The Evolution Of Platform Engineering With Massdriver CEO Cory O’Daniel

    27 MAI

    The Evolution Of Platform Engineering With Massdriver CEO Cory O’Daniel

    Episode Summary Dive into the ever-evolving world of platform engineering with Cory O’Daniel, CEO and co-founder of Massdriver. This episode explores the journey of DevOps, the challenges of building and scaling infrastructure, and the crucial role of creating effective abstractions to empower developers. Cory shares his insights on the shift towards platform engineering as a means to build more secure and efficient software by default. Show Notes In this episode of The Secure Developer, host Danny Allan sits down with Cory O’Daniel, CEO and co-founder of Massdriver, to discuss the dynamic landscape of platform engineering. Cory, a seasoned software engineer and first-time CEO, shares his extensive experience in the Infrastructure as Code (IaC) space, tracing his journey from early encounters with EC2 to founding Massdriver. He offers candid advice for developers aspiring to become CEOs, emphasizing the importance of passion and early customer engagement.   The conversation delves into the evolution of DevOps over the past two decades, highlighting the constant changes in how software is run, from mainframes to serverless containers and now AI. Cory argues that the true spirit of DevOps lies in operations teams producing products that developers can easily use. He points out the challenge of scaling operations expertise, suggesting that IT and Cloud practices need to mature in software development to create better abstractions for developers, rather than expecting developers to become infrastructure experts.   A significant portion of the discussion focuses on the current state of abstractions in IaC. Cory contends that existing public abstractions, like open-source Terraform modules, are often too generic and don't account for specific business logic, security, or compliance requirements. He advocates for operations teams building their own prescriptive modules that embed organizational standards, effectively shifting security left by design rather than by burdening developers. The episode also touches upon the potential and limitations of AI in the operations space, with Cory expressing skepticism about AI's current ability to handle the contextual complexities of infrastructure without significant, organization-specific training data. Finally, Cory shares his optimism for the future of platform engineering, viewing it as a return to the original intentions of DevOps, where operations teams ship software with ingrained security and compliance, leading to more secure systems by default. Links MassDriverAnsibleChefTerraformDevOps is BullshitElephant in the CloudDockerPostgresOpenTofuHelmRedisElixirSnyk - The Developer Security Company Follow Us Our WebsiteOur LinkedIn

    40 min
  3. The Future Of API Security With FireTail’s Jeremy Snyder

    13 MAI

    The Future Of API Security With FireTail’s Jeremy Snyder

    Episode Summary Jeremy Snyder is the co-founder and CEO of FireTail, a company that enables organizations to adopt AI safely without sacrificing speed or innovation. In this conversation, Jeremy shares his deep expertise in API and AI security, highlighting the second wave of cloud adoption and his pivotal experiences at AWS during key moments in its growth from startup onwards. Show Notes In this episode of The Secure Developer, host Danny Allan sits down with Jeremy Snyder, the Co-founder and CEO of FireTail, to unravel the complexities of API security and explore its critical intersection with the burgeoning field of Artificial Intelligence. Jeremy brings a wealth of experience, tracing his journey from early days in computational linguistics and IT infrastructure, through a pivotal period at AWS during its startup phase, to eventually co-founding FireTail to address the escalating challenges in API security driven by modern, decoupled software architectures. The conversation dives deep into the common pitfalls and crucial best practices for securing APIs. Jeremy clearly distinguishes between authentication (verifying identity) and authorization (defining permissions), emphasizing that failures in authorization are a leading cause of API-related data breaches. He sheds light on vulnerabilities like Broken Object-Level Authorization (BOLA), explaining how seemingly innocuous practices like using sequential integer IDs can expose entire datasets if server-side checks are missed. The discussion also touches on the discoverability of backend APIs and the persistent challenges surrounding multi-factor authentication, including the human element in security weaknesses like SIM swapping. Looking at current trends, Jeremy shares insights from FireTail's ongoing research, including their annual "State of API Security" report, which has uncovered novel attack vectors such as attempts to deploy malware via API calls. A significant portion of the discussion focuses on the new frontier of AI security, where APIs serve as the primary conduit for interaction—and potential exploitation. Jeremy details how AI systems and LLM integrations introduce new risks, citing a real-world example of how a vulnerability in an AI's web crawler API could be leveraged for DDoS attacks. He speculates on the future evolution of APIs, suggesting that technologies like GraphQL might become more prevalent to accommodate the non-deterministic and data-hungry nature of AI agents. Despite the evolving threats, Jeremy concludes with an optimistic view, noting that the gap between business adoption of new technologies and security teams' responses is encouragingly shrinking, leading to more proactive and integrated security practices. Links FireTailRapid7Snyk - The Developer Security Company Follow Us Our WebsiteOur LinkedIn

    38 min
  4. The Case For Steward Ownership And Open Source With Melanie Rieback

    29 AVR.

    The Case For Steward Ownership And Open Source With Melanie Rieback

    Episode Summary  Is the traditional Silicon Valley startup model harming the security industry? In this episode of The Secure Developer, Danny Allan talks with Melanie Rieback, founder of Radically Open Security, about shaking up the industry with nonprofit business models. Tuning in, you’ll learn about the inner workings of Radically Open Security as a non-profit organization and the positive impact its donations have had on the open source ecosystem. We discuss the benefits of a steward-ownership business model, why it pairs so well with open source, and its power to reform venture capital and align incentives with long-term sustainability. For those interested in diving deeper, Melanie shares resources from her startup incubator, Nonprofit Ventures, and her free online Post Growth Entrepreneurship course. Tune in to learn why reforming our business models is vital for preserving and protecting our open source ecosystem and, by extension, security!  Show Notes In this episode, Snyk CTO Danny Allan chats with Dr. Melanie Rieback, founder of Radically Open Security, about her journey from academia and pen testing to founding a cybersecurity company with a radically different business model. Melanie shares the motivations behind creating a not-for-profit organization that donates 90% of its profits to the NLnet Foundation, supporting open source and digital rights initiatives. They discuss the discontent with traditional cybersecurity business practices, including lack of transparency and ethical concerns like selling zero-days. Melanie explains Radically Open Security's structure, operating as a collective primarily using contractors, and how this model has allowed them to grow to 50 people while serving major clients and offering pro-bono work for nonprofits and critical open source projects like the Tor Project and Tails. The conversation then broadens to discuss alternative business models like steward ownership, where profit rights are separated from voting rights, aiming to lock value within the company and prevent mission drift often caused by traditional VC funding. They explore the concept of "Post Growth Entrepreneurship," which Melanie teaches, focusing on non-extractive business models and reforming finance itself. The discussion touches upon whether the tech industry, particularly open source, is moving towards more sustainable and ethical models, citing examples like Signal, Proton, Mastodon, and Mozilla. Melanie emphasizes that the culture of open source developers is often inherently altruistic, not greedy, but can be compromised by traditional funding systems. Finally, Melanie offers resources for listeners interested in learning more about these alternative models. Links Radically Open SecurityRadically Open Security on LinkedInNLnet FoundationNonprofit VenturesPost Growth Entrepreneurship CourseSnyk - The Developer Security Company Follow Us Our WebsiteOur LinkedIn

    44 min
  5. Advancing AppSec With AI With Akira Brand

    15 AVR.

    Advancing AppSec With AI With Akira Brand

    Episode Summary In this episode of The Secure Developer, Danny Allan sits down with Akira Brand, AVP of Application Security at PRA Group, to explore the evolving landscape of application security and AI. Akira shares her unconventional journey from opera to cybersecurity, discusses why AppSec is fundamentally a customer service role and breaks down how AI is reshaping security workflows. Tune in to hear insights on integrating security seamlessly into development, AI’s role in secure coding, and the future of AppSec in a rapidly shifting tech landscape. Show Notes In this engaging episode, The Secure Developer welcomes Akira Brand, AVP of Application Security at PRA Group, for an in-depth discussion on the intersection of AI and application security. Akira’s unique background in opera and stage direction offers a fresh perspective on fostering collaboration in security teams and influencing organizational culture. Key Topics Covered: From Opera to AppSec: Akira shares her journey from classical music to cybersecurity and how her experience in stage direction translates into leading security teams.AppSec as a Customer Service Role: The importance of serving software engineers by providing security solutions that fit seamlessly into their workflows.The ‘Give Them the Pickle’ Approach: How meeting developers where they are and educating them can lead to better security adoption.AI’s Role in Secure Development: How AI-driven tools are transforming the way security is integrated into the software development lifecycle.Challenges in Security Culture: Why security is still an afterthought in many development processes and how to change that mindset.Future of AI in Security: The promise and risks of AI-assisted security tools and the need for standards to keep pace with rapid technological advancements.Links PRA GroupTuring SchoolBrian HoltFrontend MastersResiliaSnyk - The Developer Security Company Follow Us Our WebsiteOur LinkedIn

    35 min
  6. Authentication, Authorization, And The Future Of AI Security With Alex Salazar

    1 AVR.

    Authentication, Authorization, And The Future Of AI Security With Alex Salazar

    Episode Summary In this episode of The Secure Developer, host Danny Allan sits down with Alex Salazar, founder and CEO of Arcade, to discuss the evolving landscape of authentication and authorization in an AI-driven world. Alex shares insights on the shift from traditional front-door security to back-end agent interactions, the challenges of securing AI-driven agents, and the role of identity in modern security frameworks. The conversation delves into the future of AI, agentic workflows, and how organizations can navigate authentication, authorization, and security in this new era. Show Notes Danny Allan welcomes Alex Salazar, an experienced security leader and CEO of Arcade, to explore the transformation of authentication and authorization in AI-powered environments. Drawing from his experience at Okta, Stormpath, and venture capital, Alex provides a unique perspective on securing interactions between AI agents and authenticated services. Key topics discussed include: The Evolution of Authentication & Authorization: Traditional models focused on front-door access (user logins, SSO), whereas AI-driven agents require secure back-end interactions.Agentic AI and Security Risks: How AI agents interact with services on behalf of users, and why identity becomes the new perimeter in security.OAuth and Identity Challenges: Adapting OAuth for AI agents, ensuring least-privilege access, and maintaining security compliance.AI Hallucinations & Risk Management: Strategies for mitigating LLM hallucinations, ensuring accuracy, and maintaining human oversight.The Future of AI & Agentic Workflows: Predictions on how AI will continue to evolve, the rise of specialized AI models, and the intersection of AI and physical automation.Alex and Danny also discuss the broader impact of AI on developer productivity, with insights into how companies can leverage AI responsibly to boost efficiency without compromising security. Links Arcade.dev - Make AI Actually Do ThingsOkta - IdentityOAuth - Authorization ProtocolLangChain - Applications that Can ReasonHugging Face - The AI Community Building the FutureSnyk - The Developer Security Company Follow Us Our WebsiteOur LinkedIn

    39 min
  7. Rethinking Secure Communication With Mrinal Wadhwa

    18 MARS

    Rethinking Secure Communication With Mrinal Wadhwa

    Episode Summary In this episode of The Secure Developer, Danny Allan sits down with Mrinal Wadhwa, CTO at Ockam, to explore the evolving landscape of secure communication in distributed systems. They discuss the challenges of securing microservices, IoT networks, and Kubernetes environments and how traditional TLS-based security models may no longer be sufficient. Mrinal shares insights into Ockam’s approach to end-to-end encrypted, mutually authenticated channels and the impact of WebAssembly, passkeys, and modern cryptographic identity management on security. Tune in for a deep dive into how organizations can rethink security at runtime to minimize risks in today’s complex digital ecosystems. Show Notes Security in modern applications is more challenging than ever, with microservices architectures, IoT deployments, and distributed computing environments introducing new risks. In this episode, Danny Allan welcomes Mrinal Wadhwa, CTO at Ockam, to discuss how secure communication models need to evolve beyond traditional TLS and perimeter-based defenses. Topics covered include: The challenges of securing microservices and Kubernetes clustersHow end-to-end encryption and mutual authentication can minimize riskThe importance of cryptographic identities and key rotation at scaleHow Ockam enables secure channels across multiple transport layers (TCP, Bluetooth, Kafka, etc.)The role of WebAssembly and passkeys in rethinking security modelsShifting from perimeter-based security to secure-by-design communicationMrinal shares key insights on how organizations can rethink risk at runtime, considering the number of people and systems involved in data flow rather than just static build-time dependencies. Whether you're a security leader, developer, or architect, this episode provides actionable insights on building trust in your infrastructure without compromising performance or agility. Links OckamPasskeys OverviewPrivate Compute Cloud by AppleSnyk - The Developer Security Company Follow Us Our WebsiteOur LinkedIn

    41 min
  8. The Future Of Security, Privacy And Control With Wayne Chang

    4 MARS

    The Future Of Security, Privacy And Control With Wayne Chang

    Episode Summary In this episode of The Secure Developer, Danny Allan, CTO of Snyk, sits down with Wayne Chang, Founder and CEO of SpruceID, to explore the evolving landscape of digital identity and security. From self-sovereign identity to the role of AI in authentication, they discuss the future of identity management, the risks of centralized systems, and the benefits of decentralized approaches. They also dive into how policy, compliance, and emerging technologies like passkeys and zero-knowledge proofs are shaping the security ecosystem. Show Notes The world of digital identity is changing fast, and in this episode of The Secure Developer, we explore how security professionals and developers can navigate this evolving space. Host Danny Allan is joined by Wayne Chang, Founder and CEO of SpruceID, to discuss key trends and challenges in identity management. Topics Discussed: Wayne's Background: From health tech to digital identity, how Wayne’s early struggles with integrating health records led to his passion for self-sovereign identity.The Evolution of Digital Identity: Why usernames and passwords are no longer the gold standard, and how newer methods like passkeys and cryptographic credentials improve security.Decentralization vs. Centralization: The trade-offs between federated identity systems (like OAuth and SSO) and self-hosted identity wallets.The Role of AI in Identity Security: How AI is both a tool for improving security and a threat vector for identity fraud.Privacy and Compliance: How regulations like GDPR, CCPA, and emerging state-level laws influence digital identity strategies.The Future of Authentication: The move from multi-factor authentication to "myriad factor authentication," leveraging multiple signals for seamless and secure access.Wayne and Danny also discuss real-world use cases, including the development of mobile driver's licenses, emerging digital identity wallets, and the challenges of ensuring privacy and security while maintaining usability. The conversation highlights how organizations can stay ahead with better authentication practices and privacy-preserving architectures as fraud becomes more sophisticated. Links SpruceID - Identity infrastructure for the digital worldNIST - The National Institute of Standards and TechnologyNIST SP 800-63 - Digital Identity GuidelinesACLU Digital ID State Legislative RecommendationsSnyk - The Developer Security Company Follow Us Our WebsiteOur LinkedIn

    39 min
Tout afficher (166)

4,7
sur 5
21 notes

À propos

Securing the future of DevOps and AI: real talk with industry leaders.

Informations

  • Création
    Snyk
  • Années d’activité
    2016 - 2025
  • Épisodes
    166
  • Classification
    Tous publics
  • Copyright
    © 2016 - 2024 Snyk
  • Site web de l’émission
    The Secure Developer

Vous aimeriez peut‑être aussi

Pour écouter des épisodes au contenu explicite, connectez‑vous.

Recevez les dernières actualités sur cette émission

Connectez‑vous ou inscrivez‑vous pour suivre des émissions, enregistrer des épisodes et recevoir les dernières actualités.
Choisissez un pays ou une région

Afrique, Moyen‑Orient et Inde

Asie‑Pacifique

Europe

Amérique latine et Caraïbes

États‑Unis et Canada