The Changelog: New Features to Kaakaww About
Scanning your APIs for security vulnerabilities is critical. This month, we introduced new scanning capabilities to give you faster, more accurate scans no matter what type of API you are working with.
Optimized Scanning Policies. Run the scans that are meaningful to your specific API. A new `autoPolicy` flag in stackhawk.yml pulls a pre-tuned default policy from the StackHawk platform based on the configured API technology (REST, GraphQL, or SOAP).
Smart Input Vectors. Each API technology requires different inputs and input types to efficiently find vulnerabilities. The new `autoInputVector` will populate the right inputs for your API so you can run faster, more accurate scans. Like magic!
REST Parameter Aware Scanning. Don’t waste time scanning nearly identical paths with different parameter values. The scanner now recognizes REST API parameters to limit redundant tests in your scan. Now you just have to figure out what to do with all that extra time.
SOAP Support. The StackHawk scanner can now find vulnerabilities in SOAP APIs.
Security Testing for Developers
Using security tools in CI/CD comes with huge upside – vulnerabilities can be found on every merge and they can be fixed on the spot. No more waiting months for an audit and wading through ancient code to try to patch.
But implementing security testing in the build pipeline requires developer-friendly tools, and not every security tool on the market checks the right boxes.
We put together a couple of resources to help you know what to look for when it comes to dev-centric security tooling.
Dynamic Application Security Testing (DAST): Overview & Tooling Guide
Catch Up on ZAPCon 2021
Earlier this month, we helped put together the first-ever ZAPCon.
The event featured awesome content covering ZAP Project Updates, technical deep dives, and user stories. If you weren’t able to tune in or you want to re-watch your favorite sessions, you can catch all of ZAPCon now on YouTube.
ZAPCon Bonus Content
This week we introduced a recurring ZAP content series called ZAPCon After Hours. You can watch the first After Hours session on YouTube as well.
To keep in the loop on all things After Hours, make sure to register for updates by clicking below.
Other Happenings: Because We Have to Keep Corporate Busy Somehow
[Full Event Playlist] ZAPCon
📖 Reading Material
ZAP vs. StackHawk: Dynamic Application Security Testing Tool Comparison
[From the Archive] StackHawk GitHub Action
April 8: Dev-Centric Security in CI/CD with StackHawk and FOSSA
April 12: Automate AppSec in CI/CD with SCA & DAST
📽 Virtual Events
April 8: DevOps Days Raleigh
April 14-16: React Summit
May 4-7: KubeCon EU
💼 Jobs @ StackHawk
❤️ Give Us Some Love
Share the goodness of developer-centric application security. We are always grateful for recommendations and referrals! We’d love for you to share StackHawk with your friends and colleagues. Thank you for your support!