April Newsletter: Enterprise
Plan Updates, Hands-On
Technical Workshops, and More!

The Changelog: New Features to KaaKaww About

• Enterprise Plan Additions

  • Audit Log. Enterprise plan users can view an audit log of all activity within their org. Important account details and events like logins, scan kick-offs, and triage history are now available to make compliance and reporting easier. 

  • Downloads Results as JSON. Sharing is caring. Enterprise users can now download Scan Results as JSON and import results into other platforms. 

  • SAML Support. Enterprise users can use their SAML provider for SSO authentication to access StackHawk. 

• Findings Recreation Improvements. Recreate vulnerabilities faster with cURL commands for all findings – even those without request/response evidence.

• Keyboard Navigation. Users who navigate the StackHawk platform without a mouse will be able to perform all actions using only their keyboard. The sound of your Cherry MX Blue switches is music to our ears.

Register Now for Hands-On AppSec Workshops

Join StackHawk Senior DevOps engineer Zachary Conger to sharpen your application security testing skills. Zachary will be leading a series of hands-on technical workshops covering topics like using different types of AppSec tooling, running authenticated scans, and GraphQL security testing. 

All you need to do is register and come ready to find and fix vulns.

• May 4 at 9 AM PT: Automated Security Testing in a GitHub Pipeline
  Add SCA, SAST, & DAST to your pipeline using GitHub Actions.
  Register >>

• May 28 at 9 AM PT: Authenticated Scanning
  Walk through three common authentication scenarios and practice running automated, authenticated scans.
  Register>>

• June 29 at 9 AM PT: GraphQL Security Testing
  See how you can protect your GraphQL APIs from security vulnerabilities with automated testing.
  Register>>

Your Guide to Modern Security Tooling

Dynamic Application Security Testing, aka DAST, is a form of security tooling that tests a running version of your application to identify potential security vulnerabilities. 

DAST scans your running app so it works no matter what language your app is written in and DAST keeps false positives to a minimum.

If you are looking to learn more about how you can better secure your apps, check out our DAST tooling guide.

See the Guide

Other Happenings: Because We Have to Keep Corporate Busy Somehow

📺 HawkTalks

• ZAPCon After Hours: Automating ZAP with Jenkins

• StackHawk and FOSSA: Automated Security Testing

• ZAP Deep Dive - Zest Scripts, Part 1

• Scanning REST APIs

💻 Webinars

• May 4: [Workshop] Automated Security Testing in a GitHub Pipeline

• May 11: ZAPCon After Hours: Adding ZAP to All Your Testing

• May 28: [Workshop] Authenticated Application Security Testing

📖 Reading Material

• Guide to ZAP Application Security Testing

• Serverless API Security Testing

• Burp Suite Enterprise vs. StackHawk 

• API Security Testing Feature Updates

📽 Virtual Events

• May 4-7: KubeCon EU

• May 11: Developer Week Global Management

• May 19: DevOps Connect: DevSecOps at RSAC 2021

• May 20: WTF is SRE?

• June 9: JSNation Live

• June 23: cdCon

💼 Jobs @ StackHawk

• Account Executive [Inside Sales]

• Community Manager

• Customer Success Engineer

• DAST Scanner Engineer

• Marketing Coordinator

❤️ Give Us Some Love

Share the goodness of developer-centric application security. We are always grateful for recommendations and referrals! We’d love for you to share about StackHawk with your friends and colleagues. Thank you for your support!