March Newsletter: API Scanning
Updates, Security Testing
for Developers, and more


Rebecca Warren|March 30, 2021

The hottest news in the hawk’s nest: All of the latest on StackHawk including API scanning updates, security testing for developers, and more.

The Changelog: New Features to Kaakaww About

March Newsletter: API Scanning Updates, Security Testing for Developers, and more image

Scanning your APIs for security vulnerabilities is critical. This month, we introduced new scanning capabilities to give you faster, more accurate scans no matter what type of API you are working with.

  • Optimized Scanning Policies. Run the scans that are meaningful to your specific API. A new `autoPolicy` flag in the stackhawk.yml will pull a pretuned default policy from the StackHawk platform based on the configured API technology (REST, GraphQL, or SOAP). 

  • Smart Input Vectors. Each API technology requires different inputs and input types to efficiently find vulnerabilities. The new `autoInputVector` will populate the right inputs for your API so you can run faster, more accurate scans. Like magic!

  • REST Parameter Aware Scanning. Don’t waste time scanning nearly identical paths with different parameter values. The scanner now recognizes REST API parameters to limit redundant tests in your scan. Now you just have to figure out what to do with all that extra time.

  • SOAP Support. The StackHawk scanner can now find vulnerabilities in SOAP APIs.

Security Testing for Developers

Using security tools in CI/CD comes with huge upside – vulnerabilities can be found on every merge and they can be fixed on the spot. No more waiting months for an audit and wading through ancient code to try to patch. 

But, implementing security testing in the build pipeline requires developer-friendly tools. And not every security tool on the market checks the right boxes. 

We put together a couple resources to help you know what to look for when it comes to dev-centric security tooling.  

Catch-Up on ZAPCon 2021

March Newsletter: API Scanning Updates, Security Testing for Developers, and more image

Earlier this month, we helped put together the first-ever ZAPCon. 

The event featured awesome content covering ZAP Project Updates, technical deep dives, and user stories. If you weren’t able to tune in or you want to re-watch your favorite sessions, you can catch all of ZAPCon now on YouTube

ZAPCon Bonus Content

This week we introduced a recurring ZAP content series called ZAPCon After Hours. You can watch the first After Hours session on YouTube as well. 

To keep in the loop on all things After Hours, make sure to register for updates by clicking below. 

Stay Up to Date

Other Happenings: Because We Have to Keep Corporate Busy Somehow

📺 HawkTalks

📖 Reading Material

💻 Webinars

📽 Virtual Events

💼 Jobs @ StackHawk

❤️ Give Us Some Love

Share the goodness of developer-centric application security. We are always grateful for recommendations and referrals! We’d love for you to share StackHawk with your friends and colleagues. Thank you for your support!

Rebecca Warren  |  March 30, 2021