A Birds-Eye View: Demoing StackHawk at BlackHat 2023

Brian Erickson | August 28, 2023

StackHawk had an impactful presence at BlackHat 2023, where we demonstrated our commitment to dynamic application and API security testing. This blog post uncovers the key takeaways from our demonstrations and how our platform resonated with security professionals, reflecting the conference's focus on API Security Testing.

BlackHat 2023 has come to an end, and it was an exciting experience for the StackHawk team. My colleagues Austin, Zach, and I had the privilege of representing StackHawk at this significant cybersecurity event, where we demoed our platform and connected with professionals who share our passion for Dynamic Application Security Testing (DAST).

StackHawk's participation in BlackHat 2023 was not just about showcasing our dedication to application and API security testing. It was an opportunity to engage with the community, learn from others, and validate our modern approach to DAST.

In this blog post, we'll share some key takeaways from our time at BlackHat. From the features that captured the audience's attention to the conversations that inspired us, we'll provide a succinct summary of what we learned and how it shapes our perspective on security testing.

Stay with us as we dive into our BlackHat 2023 experience and what it means for StackHawk and the industry as a whole.

Understanding DAST and StackHawk

It only took a short lap around the show floor to make it clear the world of security testing is vast and complex. During our time at BlackHat 2023, we were able to shed light on a particular aspect that's close to our hearts at StackHawk: Dynamic Application Security Testing (DAST).

How StackHawk is Modernizing DAST

One fascinating discovery was how many security professionals were not only new to DAST but also surprised that such a developer-friendly tool exists. DAST evaluates running applications for vulnerabilities, providing real-time insights into potential security risks. Unlike traditional methods that only review the code, DAST actively simulates potential attacks, bridging the gap between developers and security experts.

Illustrating where DAST fits into the modern Secure Software Development Life Cycle (SSDLC) became a significant part of our discussions. By showing how StackHawk integrates near unit testing and integration testing, we were able to distinguish our approach from typical dynamic security testing tools. This positioning resonated with security professionals, as it emphasized StackHawk's alignment with modern development practices, reinforcing the principle of 'trust and verify'.

Introducing StackHawk

But what makes StackHawk stand out in the crowded field of security testing? Is it an awesome logo? The coolest t-shirts? You guessed it - we've got those too. However, our platform goes beyond the basics, not only embracing the principles of DAST but also elevating them to new heights.

StackHawk's dedication to application and API security testing is built around making security an intrinsic part of the development process. By offering real-time insights and seamless integration with existing workflows, we empower developers to address security issues early and often. This proactive approach not only detects vulnerabilities but also provides the tools to fix them, enhancing security without sacrificing agility or efficiency.

Our time at BlackHat confirmed that there's a hunger for developer-friendly security tools that integrate smoothly into the modern SDLC. By focusing on DAST and highlighting how StackHawk uniquely addresses this need, we were able to connect with like-minded professionals and reaffirm our commitment to innovating the security landscape.

Highlights of Our Demonstration

BlackHat 2023 was a stage for innovation and connection, and our demonstration of StackHawk's features was met with interest, curiosity, and even surprise. Here's what captured the audience's attention:

What Demoed Well

  • GitHub Insights Beta: Our newly introduced GitHub Insights Beta attracted interest with its streamlined onboarding process based on git repositories. By showing an inventory of all of a customer's repositories, including scan status and last commit date, we illustrated how StackHawk simplifies and enhances the efficiency of the security workflow. (psst - GitHub Insights Beta signups are open)

  • Optimization Panel: The Optimization Panel's ability to indicate whether a scan was complete, based on criteria like Authenticated Scanning, API Discovery, and Technology Flags, struck a chord with many. It demonstrated StackHawk's dedication to providing thorough and precise security assessments without unnecessary complexity.

  • SAST Integrations: Discussing our integrations with Snyk and GitHub CodeQL emphasized StackHawk's adaptability and alignment with tools already popular among developers. This connection not only affirmed our role in the security ecosystem but also demonstrated how we're making security testing more accessible and integrated.

  • Streaming Security Test Results: Our real-time streaming of results as security tests are running resonated strongly with attendees. This feature showcased how StackHawk provides a transparent and immediate understanding of the application security test findings, bringing otherwise hidden insights to the forefront.

Best Reactions

  • Austin's Developer Story: Our own Austin brought the process to life by sharing his personal story as a developer. From discovering a security issue to utilizing StackHawk's platform to understand, reproduce, find a fix, and get that fix into production, his story resonated with the everyday challenges and triumphs of the development world.

  • Attendee Surprise: Perhaps one of the most rewarding moments was a conversation with a conference attendee who didn't even realize a tool like StackHawk existed. Walking away impressed, he captured the essence of what we strive for at StackHawk: building exactly what developers and security professionals need, even when they didn't know they were looking for it.

Our demonstration at BlackHat was not just about showcasing features; it was about sharing our vision and passion for making security an integral and accessible part of the development process. The reactions and connections forged confirmed that StackHawk's approach resonates with those who are on the front lines of building and securing the digital world.

Aligning with the Conference Theme: API Security Testing

A prominent theme at BlackHat 2023 revolved around the crucial role of API Security Testing in today's interconnected digital landscape. As organizations continue to rely on APIs to drive innovation and enable seamless integrations, the importance of discovering and testing all the organization's APIs cannot be overstated.

StackHawk's platform is uniquely positioned to address this growing concern, and our demo at BlackHat showcased precisely how we are making strides in this area. Here's how:

  • Comprehensive Discovery: Our platform's support for Authenticated Scanning, API Discovery, and Technology Flags ensures that all relevant APIs within an organization are identified and assessed. This breadth of coverage is vital in today's complex and diverse technology environment.

  • GitHub Insights for Streamlined Workflows: Our new GitHub Insights Beta feature streamlines the onboarding process and offers a concise view of all repositories, enhancing the efficiency of managing and testing APIs across an organization.

  • Optimization Panel: The Optimization Panel's ability to indicate a complete scan ensures that every aspect of an API is thoroughly evaluated, leaving no stone unturned in the quest for robust security.

StackHawk's alignment with the conference theme of API Security Testing underscores our commitment to staying ahead of the curve and our dedication to developing solutions that resonate with the current needs and challenges faced by the industry. Whether it's a new feature like GitHub Insights Beta or the intelligent use of existing functionalities, we are poised to empower organizations in their API security efforts.

Conclusion

BlackHat 2023 was more than just an event; it was a melting pot of ideas, a validation of our approach, and a source of inspiration for future endeavors. As we reflect on our time spent demoing StackHawk to an engaged audience of security professionals, a few key takeaways stand out:

  • Understanding and Relevance: Our discussions and demonstrations provided insight into the growing relevance of DAST, and specifically, how StackHawk's developer-friendly approach fills a unique need within the industry.

  • Exciting Features and Reactions: From StackHawk’s streaming results to our GitHub Insights Beta, we were able to showcase features that not only resonate with our users but also position StackHawk as a forward-thinking leader in application and API security testing.

  • Community and Connection: Engaging with attendees, sharing stories, and building connections reinforced the value of community. We were reminded that our work at StackHawk is not just about creating tools but also about nurturing relationships and contributing to the broader security landscape.

Reflecting on BlackHat 2023, it's clear that the event was a valuable opportunity for StackHawk to align with the pulse of the industry, validate our innovations, and forge connections that will fuel our future growth.

Take the Next Step with StackHawk

If our experience at BlackHat resonates with you, or if you're intrigued by what StackHawk has to offer, we invite you to explore further:

  • Request a Demo: Experience the power and simplicity of StackHawk's platform by getting in touch for a personalized demo. Discover how we can tailor our solutions to meet your unique security needs.

  • Register for GitHub Insights Beta: Join our beta program and be among the first to experience our new GitHub Insights feature. Your participation will not only provide early access but also shape the future of this exciting development.

At StackHawk, we're driven by a vision of making security accessible, efficient, and integral to the development process. Our time at BlackHat 2023 has only strengthened this vision, and we look forward to what the future holds. Join us on this journey and be a part of shaping a more secure digital world.

Brian Erickson is a Sr. Product Manager at StackHawk

Austin Pearigen is a Software Engineer at StackHawk

Zachary Conger is a Solutions Architect at StackHawk

