Sign up to save your podcasts
Or
Share Arshan Dabirsiaghi -- Security Startups, AI Influencing AppSec, and Pixee/Codemodder.io
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Arshan Dabirsiaghi -- Security Startups, AI Influencing AppSec, and Pixee/Codemodder.io
Arshan Dabirsiaghi of Pixee joins Robert and Chris to discuss startups, AI in appsec, and Pixee's Codemodder.io. The conversation begins with a focus on the unrealistic expectations placed on developers regarding security. Arshan points out that even with training, developers may not remember or apply security measures effectively, especially in complex areas like deserialization. This leads to a lengthy and convoluted process for fixing security issues, a problem that Arshan and his team have been working to address through their open-source tool, Codemodder.io.
Chris and Arshan discuss the dynamic nature of the startup world. Chris reflects on the highs and lows experienced in a single day, emphasizing the importance of having a resilient team that can handle these fluctuations. They touch upon the role of negativity in an organization and its potential to hinder progress. Arshan then delves into the history of Contrast Security and its pioneering work in defining RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing) as key concepts in appsec.
The group also explores the future of AI in application security. Arshan expresses his view that AI will serve more as a helper than a replacement in the short term. He believes that those who leverage AI will outperform those who don't. The conversation also covers the potential risks of relying too heavily on AI, such as the introduction of vulnerabilities and the loss of understanding in code development. Arshan emphasizes the importance of a feedback loop in the development process, where each change is communicated to the developer, fostering a learning environment. This approach aims to improve developers' understanding of security issues and promote better coding practices.
Links:
Pixee https://www.pixee.ai/
Pixee's Codemodder.io: https://codemodder.io/
Book Recommendation:
Hacking: The Art of Exploitation, Vol. 2 by John Erickson: https://nostarch.com/hacking2.htm
Aleph One's "Smashing The Stack for Fun and Profit":
http://phrack.org/issues/49/14.html
Tim Newsham's "Format String Attacks":
https://seclists.org/bugtraq/2000/Sep/214
Matt Conover's "w00w00 on Heap Overflows" (reposted):
https://www.cgsecurity.org/exploit/heaptut.txt
Jeremiah Grossman, aka rain forest puppy (rfp):
https://www.jeremiahgrossman.com/#writing
Justin Rosenstein's original codemod on GitHub:
https://github.com/facebookarchive/codemod
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
View all episodes
By Chris Romeo and Robert Hurlbut
5
3636 ratings
Arshan Dabirsiaghi of Pixee joins Robert and Chris to discuss startups, AI in appsec, and Pixee's Codemodder.io. The conversation begins with a focus on the unrealistic expectations placed on developers regarding security. Arshan points out that even with training, developers may not remember or apply security measures effectively, especially in complex areas like deserialization. This leads to a lengthy and convoluted process for fixing security issues, a problem that Arshan and his team have been working to address through their open-source tool, Codemodder.io.
Chris and Arshan discuss the dynamic nature of the startup world. Chris reflects on the highs and lows experienced in a single day, emphasizing the importance of having a resilient team that can handle these fluctuations. They touch upon the role of negativity in an organization and its potential to hinder progress. Arshan then delves into the history of Contrast Security and its pioneering work in defining RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing) as key concepts in appsec.
The group also explores the future of AI in application security. Arshan expresses his view that AI will serve more as a helper than a replacement in the short term. He believes that those who leverage AI will outperform those who don't. The conversation also covers the potential risks of relying too heavily on AI, such as the introduction of vulnerabilities and the loss of understanding in code development. Arshan emphasizes the importance of a feedback loop in the development process, where each change is communicated to the developer, fostering a learning environment. This approach aims to improve developers' understanding of security issues and promote better coding practices.
Links:
Pixee https://www.pixee.ai/
Pixee's Codemodder.io: https://codemodder.io/
Book Recommendation:
Hacking: The Art of Exploitation, Vol. 2 by John Erickson: https://nostarch.com/hacking2.htm
Aleph One's "Smashing The Stack for Fun and Profit":
http://phrack.org/issues/49/14.html
Tim Newsham's "Format String Attacks":
https://seclists.org/bugtraq/2000/Sep/214
Matt Conover's "w00w00 on Heap Overflows" (reposted):
https://www.cgsecurity.org/exploit/heaptut.txt
Jeremiah Grossman, aka rain forest puppy (rfp):
https://www.jeremiahgrossman.com/#writing
Justin Rosenstein's original codemod on GitHub:
https://github.com/facebookarchive/codemod
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More shows like The Application Security Podcast
View all
Risky Business
364 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
639 Listeners
Page 94: The Private Eye Podcast
311 Listeners
Smashing Security
318 Listeners
Darknet Diaries
7,951 Listeners
Application Security Weekly (Audio)
11 Listeners
Application Security Weekly (Video)
4 Listeners
Cybersecurity Today
172 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
316 Listeners
Defense in Depth
77 Listeners
Cloud Security Podcast
59 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
43 Listeners