The Changelog: New Features to Kaakaww About
Check out the latest features we’ve added to StackHawk:
- GraphQL Scanning: We are excited to announce that HawkScan, our security bug scanner, can now support GraphQL applications. Interested in scanning your GraphQL application? Check out the docs to learn more.
- Findings Management: Mark your scan results as Assigned, False Positive, or Risk Accepted. With Findings Management, you can now focus on scan results that are new or not yet processed. Learn more below.
- Validation of Findings: Working on a fix for a security bug? With curl based validation, you can step through the specific request that triggered the finding. Click the button, get the curl command, and get to a fix faster. More details below.
- Announcements Panel: Email is so 90s. Now you can see feature announcements right in the app. Check out the Announcements panel to see the latest feature updates, link out to documentation, or send us feedback.
Process Your AppSec Bugs with Findings Management
When you jump into your scan results, there are often findings that you are aware of. Maybe a fix is in progress with an associated Jira ticket, maybe it is a false positive, or maybe it is an accepted risk (corporate still wants that Facebook tracker everywhere).
With the new Findings Management feature, you can reduce the noise and focus on the findings that matter. Mark your findings as Assigned, False Positive, or Risk Accepted to quiet them in the future. On subsequent scan runs, we will still log the findings, but they will be filtered out from the main view so you can focus on fixing what matters.
Fix Your Security Bug Findings with curl Validation
StackHawk is a dynamic application scanner, meaning that it scans a running version of your application. It finds security bugs in your app, but does not point to where the bug exists in code.
With curl-based validation of findings, you can debug the request that was used to find the security bug and zero in on the fix in code. Check out the blog post for more information.
Other Happenings: Because We Need to Keep Corporate Busy Somehow
📖 Reading Material
Grab your cup of coffee or a glass of whiskey and check out the latest content from the StackHawk team.
- Sharing Dependencies and Gradle Plugins between Kotlin/SpringBoot Services
- Why Doesn’t Your Pipeline Have Security Bug Testing?
- Application Security is Broken. Here is How We Intend to Fix It.
📽 Virtual Events
StackHawk is proud to be sponsoring two upcoming virtual events. Click the links below to sign up – both are free!
You can only binge so much Netflix. Switch it up with the latest from our co-founder and resident security expert, Scott Gerlach.
❤️ Give Us Some Love
As an early stage software company, good word of mouth is one of the best things we can get. If you know anyone who should join us in this mission of developer first security, please send them our way. Another way you can support us this month is to follow us on StackShare. As always, thanks for your support!