May Newsletter:
GraphQL, Findings Management,
and More


Ryan Severns|May 29, 2020

The Hottest News in the Hawks Nest: All of the latest on StackHawk. New features, GraphQL security, and other details about where you can find StackHawk this month.

The Changelog: New Features to Kaakaww About

Check out the latest features we’ve added to StackHawk:

  • GraphQL Scanning: We are excited to announce that HawkScan, our security bug scanner, can now support GraphQL applications. Interested in scanning your GraphQL application? Check out the docs to learn more.

  • Findings Management: Mark your scan results as Assigned, False Positive, or Risk Accepted. With Findings Management, you can now focus on scan results that are new or not yet processed. Learn more below.

  • Validation of Findings: Working on a fix for a security bug? With curl based validation, you can step through the specific request that triggered the finding. Click the button, get the curl command, and get to a fix faster. More details below.

  • Announcements Panel: Email is so 90s. Now you can see feature announcements right in the app. Check out the Announcements panel to see the latest feature updates, link out to documentation, or send us feedback.

Process Your AppSec Bugs with Findings Management

may-newsletter-graphql-finding-management-img-1 image

When you jump into your scan results, there are often findings that you are aware of. Maybe a fix is in progress with an associated Jira ticket, maybe it is a false positive, or maybe it is an accepted risk (corporate still wants that Facebook tracker everywhere).

With the new Findings Management feature, you can reduce the noise and focus on the findings that matter. Mark your findings as Assigned, False Positive, or Risk Accepted to quiet them in the future. On subsequent scan runs, we will still log the findings, but they will be filtered out from the main view so you can focus on fixing what matters.

Read the Post

Fix Your Security Bug Findings with curl Validation

may-newsletter-graphql-finding-management-img-2 image

StackHawk is a dynamic application scanner, meaning that it scans a running version of your application. It finds security bugs in your app, but does not point to where the bug exists in code.

With curl-based validation of findings, you can debug the request that was used to find the security bug and zero in on the fix in code. Check out the blog post for more information.

Read the Post

Other Happenings: Because We Need to Keep Corporate Busy Somehow

📖 Reading Material

Grab your cup of coffee or a glass of whiskey and check out the latest content from the StackHawk team.

📽 Virtual Events

StackHawk is proud to be sponsoring two upcoming virtual events. Click the links below to sign up – both are free!

📺 HawkTalks

You can only binge so much Netflix. Switch it up with the latest from our co-founder and resident security expert, Scott Gerlach.

❤️ Give Us Some Love

As an early stage software company, good word of mouth is one of the best things we can get. If you know anyone who should join us in this mission of developer first security, please send them our way. Another way you can support us this month is to follow us on StackShare. As always, thanks for your support!

Ryan Severns  |  May 29, 2020