{"version":"1.0","type":"rich","provider_name":"Acast","provider_url":"https://acast.com","height":250,"width":700,"html":"<iframe src=\"https://embed.acast.com/$/655148df2861630012a1d01b/67d6a5c634deae95a5dc8de3?\" frameBorder=\"0\" width=\"700\" height=\"250\"></iframe>","title":"Liran Tal: How to Secure Your Apps and AI Agents","thumbnail_width":200,"thumbnail_height":200,"thumbnail_url":"https://open-images.acast.com/shows/655148df2861630012a1d01b/1742120368909-30ccb922-f81f-4d03-9dbd-94ff3ddd7f11.jpeg?height=200","description":"<p>Links</p><p>- Codecrafters (partner): https://tej.as/codecrafters</p><p>- Snyk: https://snyk.io/</p><p>- Liran on X: https://x.com/liran_tal</p><p>- Tejas on X: https://x.com/tejaskumar_</p><p><br></p><p>Summary</p><p><br></p><p>In this conversation, we explore the complexities of software security, particularly focusing on the challenges posed by Node.js and the broader software supply chain. We discuss the evolution of security practices, the importance of awareness among developers, and the role of automation in enhancing security measures. The conversation highlights the need for a balance between automated tools and manual audits, emphasizing that human oversight remains crucial in high-risk environments. </p><p><br></p><p>We also explore the vulnerabilities associated with open-source software and the trust developers place in third-party tools and extensions, specifically the importance of SBOMs in understanding software dependencies. We discuss the SolarWinds attack as a pivotal case in supply chain security and the role of tools like lockfile lint in enforcing security policies. </p><p><br></p><p>Finally, we discuss AI and the role of LLMs in security, particularly regarding attack vectors and the reliability of AI-generated code.</p><p><br></p><p>Chapters</p><p><br></p><p>00:00 Liran Tal</p><p>01:44 Introduction to Security in Software Development</p><p>04:53 The Evolution of Node.js and Security Challenges</p><p>07:29 Understanding Software Supply Chain Vulnerabilities</p><p>10:49 The Role of Open Source in Security</p><p>13:51 Exploring Security in Development Tools and Extensions</p><p>16:40 The Importance of Security Awareness and Training</p><p>19:40 Automating Security: Tools and Best Practices</p><p>22:30 The Balance Between Automation and Manual Audits</p><p>25:43 Conclusion and Future of Security in Software Development</p><p>35:00 Balancing Automation and Human Intervention in Security</p><p>38:08 Understanding S-BOMs and Their Importance</p><p>41:14 The SolarWinds Attack: A Case Study in Supply Chain Security</p><p>43:29 Lockfile Lint: Enforcing Security Policies in Code</p><p>46:49 Generating SBOMs: A Practical Approach</p><p>49:03 Demystifying CVSS: Understanding Vulnerability Scoring</p><p>52:50 AI in Security: Attack Vectors and Defense Strategies</p><p>59:52 Navigating Security in AI-Generated Code</p><p>01:05:39 The Role of LLMs in Security Vulnerability Detection</p><p>01:08:24 Integrating Agents for Secure Code Generation</p><p>01:11:16 Challenges of LLMs in Security Validation</p><p>01:14:42 The Complexity of Security in AI Systems</p><p>01:20:56 Understanding Fuzzing and AI's Role</p><p>01:24:08 Container Breakout Threats and Mitigation Strategies</p><p><br></p>","author_name":"Tejas Kumar"}