January Newsletter: Onboarding Updates, ZAPCon 2021, Auth Blogs, and More

The Changelog: New Features to Kaakaww About

• New Sample Application Onboarding. Get scanning faster! We’ve created a wizard to walk new users through the steps for scanning Google Firing Range sample data.

• GraphQL Updates. We are giving GraphQL users more details to find vulnerabilities in their APIs. We’ve optimized the user experience associated with describing and recreating GraphQL vulnerabilities to show more details around GraphQL operations and queries.

• REST API Updates. Not to be outdone by GraphQL, REST APIs get their own improvements so you have all the information you need to troubleshoot on the fly.

• Recreate Findings Faster. When you drill into a specific finding you will see a new UI that has the “Response,” “Request,” and Evidence” sections all in one view so you can seamlessly recreate vulnerabilities without switching panels.

We are Thrilled to Present the First-Ever ZAPCon

We are thrilled to be part of the first-ever ZAPCon taking place March 9th at 8AM-12PM PT / 4PM-8PM GMT. The event is free for everyone!

Topics include using ZAP at scale and application security best practices. If you are a current ZAP user or are interested in learning more about the open source scanner StackHawk is built on, make sure to register.

Submit a Talk

Register Now

Can We See Some ID?

When implementing security testing and vulnerability scanning, it is important to test all of your app’s paths, including the authenticated routes. Only scanning public routes can cause you to miss the majority of vulnerabilities, which are often hidden behind a credentialed login.

Implementing authentication flows can be tricky, so we have created a new blog series to walk you through how to configure the StackHawk scanner with different forms of authentication.

Check out the blogs and keep your scans on lock 🔐

• Username/Password Authentication + Cookie Authorization

• External Token Authentication + Custom Token Authorization

• Username/Password Authentication + Bearer Token Authorization

Other Happenings: Because We Have to Keep Corporate Busy Somehow

📖 Reading Material

• [Silicon Angle] Security ‘Shifts Left’ to Debug Critical Code Before Software Deployment

• Application Security Testing with the StackHawk GitHub Action

• How to Run Standalone Kotlin with Gradle

• How We Built the StackHawk Slack App

📽 Virtual Events

We kicked off the year with TestJS Summit at the end of January. We have more great events coming up!

• Postman Galaxy : February 2-4

• Cloud World : February 17-19

• Node Congress : February 18-19

• [Webinar] Using StackHawk in GitLab CI/CD : February 25

• DevOpsDays Texas : March 2-3

• [Webinar] SCA + DAST in Action with Snyk and StackHawk : March 18

• DevOps JS : March 29-30

❤️ Give Us Some Love

Share the goodness of developer-centric application security testing. We are always grateful for recommendations and referrals! We’d love for you to share StackHawk with your friends and colleagues. As always, thank you for your support!