Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, an amazing guest, David Homoney, joins us.

David is the newly appointed Sales Engineer at Apiiro. Before stepping into this role, he made significant contributions as a Technical Solutions Architect II for Application, API, and Workload Security at World Wide Technology (WWT), a leading global technology provider and integrator. With an impressive 30-year career in network and system administration, David has established himself as one of the strong voices in the field of API security. He's not only an API security evangelist but also a blog contributor and speaker, having written several articles on various aspects of application and API security and presented at industry conferences. Outside of his professional pursuits, David is the Associate Executive Producer of the No Agenda Show, a popular podcast known for its insightful media deconstruction, social engineering discussions, and political analysis.

In today's episode, we're diving deep into the world of API security. We'll get his expert insights on the latest industry buzz, including the rumored acquisition of Noname by Akamai, which has now been confirmed at the RSA Conference. We'll also explore the differences between runtime protection and security on the left side of the SDLC, debate whether DAST for API security testing is dead, and discuss how runtime protection API security vendors often integrate known vulnerable apps into their algorithms instead of implementing advanced algorithms. Dive right in!

Books discussed:

Hacking APIs: Breaking Web Application Programming Interfaces by Corey J. Ball: https://www.amazon.com/Hacking-APIs-Application-Programming-Interfaces/dp/1718502443/

Defending APIs: Uncover advanced defense techniques to craft secure application programming interfaces by Colin Domoney: https://www.amazon.com/Defending-APIs-against-Cyber-Attack/dp/1804617121/