The Changelog: New Features to KaaKaww About
Slow scans or false positives? Not on our watch.
We are making scans faster and more accurate through improvements like:
Tech stack optimizations. Run faster, more accurate scans by specifying tests for your app. Only test what's relevant to you based on the database, language, operating system, source code management, and web servers.
Auto policy creation. Run specific test suites for APIs and web pages. Don't spend time scanning for CSRF token vulnerabilities in your REST API or sorting through false positives for your front-end app.
Fine-grain test visualization. Something slowing your scan down? Now you can see individual plug-in scan progress to troubleshoot and tune performance.
Results streaming. Results are added to the StackHawk platform in real time so you can watch scans as they happen. Streaming also makes scans more efficient, since less data is held in memory.
But we aren’t done yet. Stay tuned for more updates that will make you love DAST even more!
Speakers Announced for Inaugural ZAPCon
ZAPCon, the conference for ZAP users, is happening March 9, 2021. Over 1,000 attendees are slated to join the virtual event to see how others in the community are leveraging ZAP and to learn about the project’s roadmap.
Event highlights will include:
An opening keynote from ZAP founder and project lead, Simon Bennetts. Attendees will hear what is on the horizon for ZAP and how the tool will continue to make security testing easier for developers.
Real-life implementation stories spanning topics like fintech and mobile applications.
Technical deep dives covering ZAP automation and integration with other open source tools.
API Security Testing
Web APIs expose valuable data and logic, which makes them prime targets for bad actors. But keeping your API secure can be difficult.
That’s why we have developed resources and tooling to help developers build security testing into their API development process.
Check these out to keep your API protected:
[Video] Why Developers Struggle with API Security, Scott Gerlach | Postman Galaxy 2021
API Security: Protection from Vulnerabilities with Design and Testing
Other Happenings: Because We Have to Keep Corporate Busy Somehow
How to Add Application Security Testing to a GitLab Pipeline
📖 Reading Material
[From the Archives] Using Spring Profiles to Statefully Mock Out Third Party Services in Docker
📽 Virtual Events
CTO Connection | Reducing Cycle Time: March 2, 9, and 16
DevOpsDays Texas: March 2
ZAPCon: March 9
[Webinar] SCA + DAST in Action with Snyk and StackHawk: March 18
DevOps JS: March 29-30, StackHawk workshop March 31
❤️ Give Us Some Love
Share the goodness of developer-centric application security. We are always grateful for recommendations and referrals! We’d love for you to tell your friends and colleagues about StackHawk. Thank you for your support!