We are thrilled to announce that Simon Bennetts, Founder of Zed Attack Proxy (ZAP), has joined the StackHawk team. ZAP is an open source dynamic application security testing (DAST) tool that helps users find security bugs in their code; it is also the underlying scanning technology for the StackHawk product. […]
Software engineering has changed with CI/CD. Application security, however, has been left behind. […]
Application security as we know it today is broken. You commit your code and push features into production, only to get a high priority Jira ticket from security months later with little context. At this point, a security bug has been in production for months and you are pulled into an inefficient fix process. There is a better way. […]
How we handle shared dependencies across our SpringBoot/Kotlin/Gradle projects, allowing us to scale services and team members. […]
In my over twenty years in information security, I’ve experimented with my approach to AppSec a couple ways. I’ve bought REALLY expensive AppSec tools, I’ve hired LOTS of AppSec pros, and I’ve sent MANY developers to AppSec training. […]
Nobody wants to ship insecure applications. But with application security practices that lag behind frequent deployments (or are just non-existent), apps are shipped to production without ensuring that they are free of security bugs. […]
All the latest happenings from the Hawks Nest. Pipeline automation with CircleCI and GitLab, AppSec visibility with Slack, and more. […]
When you check in a new web app vulnerability, do you get an alert and guidance on how to fix it? With the new StackHawk CircleCI Orb you can, and it’s easy. […]
Shifting security left means leveraging automation and integrations earlier in development. With the new StackHawk Slack App, you can get that development feedback sooner. […]
The earlier you find application bugs, the cheaper it is to fix them. That’s one of the reasons so many organizations have adopted Test Driven Development (TDD). TDD enables Developers to more accurately identify if the code you are about to commit is going to break and not pass the tests you’ve instrumented in CI/CD. Analogous to the TDD process, we believe in automating application security testing. That’s why we created StackHawk! […]
This is my favorite slide from my pitch deck, used to highlight the problem that has kept security from “shifting left” into the modern development workflow. We started StackHawk to help engineers find and fix application security bugs in their code, as they write software and before deploying to production. […]