More Test Guild Devops Toolchain Podcast episodes


Developer-First DAST: Fix Security Issues Before They Reach Production with Gadi Bashvitz

Published 22 Jan 2026

Duration: 34:48

AI is reshaping application security by automating tasks and enhancing efficiency, but raises risks around AI-generated code and requires developers to be involved in security processes.

Episode Description

Dynamic Application Security Testing (DAST) has a reputation problem. It's noisy, slow, and often ignored by developers, especially in fast-moving CI/CD...

Overview

The podcast examines the increasing influence of AI on application security, particularly in the context of dynamic application security testing (DAST) within large financial institutions. It emphasizes how AI is streamlining complex security tasks, such as authentication and shadow API detection, making DAST more efficient and easier for developers to integrate into their workflows. However, it also addresses the risks associated with AI-generated code, highlighting the need for security integration early in the development process to reduce false positives and improve overall efficiency.

A major focus is on STAR, an AI-driven security tool that identifies and automatically resolves vulnerabilities during the development cycle. STAR leverages existing AI coding tools and provides validation to ensure the security of fixes, making it a valuable asset in modern development environments. The tool is described as language-agnostic, scalable, and compatible with current systems, offering features like audit logs, reporting dashboards, and enterprise system integration. While automation plays a key role, the podcast stresses the continued importance of developer engagement with security, emphasizing education and understanding over passive acceptance of automated fixes. The discussion also underscores the need for continuous scanning, adaptation to emerging threats, and a shift from compliance-based approaches to proactive risk management, with metrics like time to fix vulnerabilities and developer productivity serving as key performance indicators for security improvement.
