POPULARITY
En este episodio, hablamos de la mano de Isabelle Mauny, Fundadora y CTO de 42Crunch, sobre la primordialidad del propósito y la empatía a la hora de promover una buena Developer Experience. Con más de 25 años de experiencia en el sector, Isabelle nos brinda su perspectiva sobre la evolución de la DevEx en diversos entornos, desde startups hasta gigantes como IBM. Exploramos los componentes clave de una Developer Experience sólida, cómo los estilos organizativos la moldean y el papel esencial de la empatía en este contexto. Además, discutimos la importancia de alinear el propósito organizacional con los objetivos personales de cada developer. No te pierdas las respuestas a estas y otras interrogativas clave de este episodio y continúa la conversación con Isabelle a través de su perfil de LinkedIn. Episodios anteriores de esta serie sobre la Developer Experience: Developer Experience y crecimiento organizacional Mejorando la Developer Experience con Trunk-Based Development Developer's Experience and Psychological Safety with Markus Seebacher What is Developer Experience with Abi Noda
In episode 79 of the We Hack Purple Podcast host Tanya Janca spoke to Isabelle Mauny , Field CTO and founder of 42Crunch! Isabelle and Tanya met way back in 2018, at an API Security workshop in Britain, having no idea they would be friends for years to come! Isabelle is extremely passionate about securing APIs, and has volunteered for several different groups and projects in order to try to steer our industry in a more secure direction, including being president of the OpenAPI group and lending her skills to the OWASP DevSlop project to fix up our Pixi app.Together they discussed several of the challenges when creating secure APIs, including: BOLA (Broken Object Level Authorization), bots, all sorts of other broken authentication (not just object-level), verbose error messages, the fact that APIs are *not* invisible to hackers, and so much more. Isabelle covered how to have a positive security culture, and build out a DevSecOps program that includes API security, what the OpenAPI protocol is, and several inspiring customer success stories. We also talked about her free IDE Plugin that gives you a score out of 100 for security, and how Tanya's first try at it she only got a score somewhere in the 20's to start! Of course, we also talked about the OWASP API Security Top Ten, and how that helped bring the important of securing APIs into the mainstream, rather than an obscure thing only AppSec people like Isabelle and Tanya obsess over.Isabelle also spoke about a webinar she will be on July 13, Mastering Secure API Development with GitHub and 42Crunch, you can sign up here: https://42crunch.com/mastering-secure-api-development-with-github-and-42crunch/Get to know Isabelle:Isabelle Mauny, co-founder and Field CTO of 42Crunch, is a technologist at heart. She worked at IBM, WSO2 and Vordel across a variety of roles, helping large enterprises design and implement integration solutions. At 42Crunch, Isabelle manages customer POCs , partners integrations and product training. She is a frequent speaker at conferences and a published author. Isabelle is passionate about APIs and enjoys sharing her experience in podcasts such as this one :)Isabelle Links!https://tools.openapis.orghttps://42crunch.com/mastering-secure-api-development-with-github-and-42crunch/https://apisecurity.iohttps://github.com/isamauny/codemotion2023/blob/main/RuggedAPIs-Codemotion-2023.pdfhttps://42crunch.com/blog/Very special thanks to our sponsor, Semgrep!Semgrep Supply Chain's reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable.Get Your Free Trial Here! Semgrep also makes a ludicrously fast static analysis tool They have a free and paid version of this tool, which uses an open-source engine, and offers additional community created ruleset!
Although security may not be the first thing that comes to mind when building a great API, it can catch up to you faster than you can say data breach. That's why Isabelle Mauny, field CTO and co-founder of API security platform 42Crunch, does what she does.Despite the advances in attitudes towards API security, Isabelle says it's still undervalued. Look at your team and see if she's right: If you have, say, 100 developers and only one person dedicated to security, you may need to adjust your prioritization. No matter the ratio, the development and security teams will have to work together to find a balance between their respective goals. Security shouldn't put limitations on the developers' aims. But developers need to know that what they're building can withstand poking and prodding if they don't want it taken apart.On this episode of API Intersection, Isabelle explains the most important factors in creating a secure API, why internal APIs can be just as complex as external APIs, and the impact of scaling. Do you have a question you'd like answered, or a topic you want to see in a future episode? Let us know here:https://stoplight.io/question/
This week in the Enterprise security News, A Hack brought unwanted attention to SolarWinds, Datadog and Snyk unveil GitHub integration to automate software development workflow, Thoma Bravo Invests In Machine Identity Management/Security Startup Venafi, FireEye Closes $400M Blackstone Investment, and DigiCert now enables manufacturers to embed certificates on chips prior to manufacturing! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw211
This week in the Enterprise security News, A Hack brought unwanted attention to SolarWinds, Datadog and Snyk unveil GitHub integration to automate software development workflow, Thoma Bravo Invests In Machine Identity Management/Security Startup Venafi, FireEye Closes $400M Blackstone Investment, and DigiCert now enables manufacturers to embed certificates on chips prior to manufacturing! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw211
Dmitry Sotnikov serves as Chief Product Officer at 42Crunch – an enterprise API security company. He maintains https://APISecurity.io, a popular community site with daily API Security news and weekly newsletter API vulnerabilities, breaches, standards, best practices, regulations, and tools. Dmitry joins us to discuss REST API Security. We talk about the top API security threats, counters [...] The post Dmitry Sotnikov – REST API Security – there is no silver bullet appeared first on Security Journey Podcasts.
Dmitry Sotnikov, Chief Product Officer at 42Crunch and curator of https://APIsecurity.io joins Abel Wang for a discussion on the transition to cloud and later to cloud-native, container-based and serverless architectures, which has led to explosion of REST APIs. Now application components talk to each other over the network and become targets of remote cyberattacks. In this episode, we will discuss how 42Crunch and Microsoft technologies including Visual Studio Code, Azure DevOps, and Azure Kubernetes Service can be used to enable end-to-end agile API security from design to runtime protection.Jump To:[01:25] - What is REST API security[05:25] - 42Crunch technology overview[06:20] - Demo: REST API security testing in VS Code[09:51] - Demo: API security testing in CI/CD pipeline[14:23] - Demo: API protection in Azure Kubernetes Services Learn More: REST API security weekly newsletter, encyclopedia, and community resources42Crunch API Security toolsVS Code extension for REST API development and security Azure Kubernetes Services API microfirewallDevOps Lab Favorite Links: Create a Free Azure DevOps AccountAzure DevOps DocsWrite Cool CodeGitHub Actions
We have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium! Full Show Notes: https://wiki.securityweekly.com/ES_Episode136 Visit https://securityweekly.com/esw for all the latest episodes!
We have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium! Full Show Notes: https://wiki.securityweekly.com/ES_Episode136 Visit https://securityweekly.com/esw for all the latest episodes!
This week, we welcome Nik Whitfield, CEO at Panaseer, to talk about Continuous Controls Monitoring! In the Enterprise news, Secureworks launches new cybersecurity analytics app, StackRox Kubernetes Security Platform Receives Red Hat Container Certification, SIEM Solutions Firm Exabeam Raises $75 Million, and Serverless monitoring startup Espagon expands to cover broader microservices TechCrunch, and more! In our final segment, we have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium! Full Show Notes: https://wiki.securityweekly.com/ES_Episode136 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Nik Whitfield, CEO at Panaseer, to talk about Continuous Controls Monitoring! In the Enterprise news, Secureworks launches new cybersecurity analytics app, StackRox Kubernetes Security Platform Receives Red Hat Container Certification, SIEM Solutions Firm Exabeam Raises $75 Million, and Serverless monitoring startup Espagon expands to cover broader microservices TechCrunch, and more! In our final segment, we have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium! Full Show Notes: https://wiki.securityweekly.com/ES_Episode136 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Stackpath released new edge computing VMs, ExtraHop hires former Tenable and HPE leaders to support growth in cyber, Security professionals want to return fire to Venafi, Dragos acquires NexDefense, and 42Crunch unveils a new platform to discover API vulnerabilities and protect them from attacks! Full Show Notes: https://wiki.securityweekly.com/ES_Episode130 Visit http://securityweekly.com/esw for all the latest episodes!
This week, in the Enterprise Security News, I am joined by John Strand to discuss how Stackpath released new edge computing VMs, ExtraHop hires former Tenable and HPE leaders to support growth in cyber, Security professionals want to return fire to Venafi, Dragos acquires NexDefense, and 42Crunch unveils a new platform to discover API vulnerabilities and protect them from attacks! In the second segment, we air some pre recorded from RSA Conference 2019 with Endgame, Virsec, and Scythe! Full Show Notes: https://wiki.securityweekly.com/ES_Episode130 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit http://securityweekly.com/esw for all the latest episodes!
This week, in the Enterprise Security News, I am joined by John Strand to discuss how Stackpath released new edge computing VMs, ExtraHop hires former Tenable and HPE leaders to support growth in cyber, Security professionals want to return fire to Venafi, Dragos acquires NexDefense, and 42Crunch unveils a new platform to discover API vulnerabilities and protect them from attacks! In the second segment, we air some pre recorded from RSA Conference 2019 with Endgame, Virsec, and Scythe! Full Show Notes: https://wiki.securityweekly.com/ES_Episode130 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Stackpath released new edge computing VMs, ExtraHop hires former Tenable and HPE leaders to support growth in cyber, Security professionals want to return fire to Venafi, Dragos acquires NexDefense, and 42Crunch unveils a new platform to discover API vulnerabilities and protect them from attacks! Full Show Notes: https://wiki.securityweekly.com/ES_Episode130 Visit http://securityweekly.com/esw for all the latest episodes!
Paul Asadoorian and Matt Alderman recap RSA Conference 2019, including their briefings with: - 42Crunch - Baffle - CyberInt - Eclypsium - Ericom Software - Lacework - Radware - RiskRecon and More! Full Show Notes: https://wiki.securityweekly.com/ES_Episode129 Visit http://securityweekly.com/esw for all the latest episodes!
Paul Asadoorian and Matt Alderman recap RSA Conference 2019, including their briefings with: - 42Crunch - Baffle - CyberInt - Eclypsium - Ericom Software - Lacework - Radware - RiskRecon and More! Full Show Notes: https://wiki.securityweekly.com/ES_Episode129 Visit http://securityweekly.com/esw for all the latest episodes!