RSA 2023: Themes and Observations

Lindsy Farina | May 18, 2023

Welcome to “Product Manager’s Corner,” a new blog series where we will provide valuable insights into the world of API testing and application security. As a product manager, staying up-to-date with the latest industry trends, feature releases, and customer stories is essential to creating successful products.

In this series, we will share our perspectives on new API testing and application security industry trends and insights, discuss feature releases, and showcase customer stories that highlight the impact of our products. Our goal is to provide you with valuable insights into the product management process and help you stay ahead of the curve in this ever-changing industry.

We look forward to sharing our experiences and knowledge with you in this exciting new blog series. Let’s dive in and explore the world of API testing and application security!

Hello and welcome to PM Corner! I’m Lindsy Farina, Senior Product Manager here at StackHawk! Today I will be sharing a little about the themes we saw at this year’s RSA conference in sunny San Francisco!

Let’s start with the biggest theme: Shift left

Like many great buzz phrases that came before it, digital transformation being the most recent, the concept sounds great, but the execution feels nebulous. We all know it’s coming, we all know we have to do it, but being the first to take the step into the abyss is hard. I definitely got a sense that people are on the cusp of making moves, some are still shifting to the center, but others are still peeking from behind the curtain to see how it goes.

At StackHawk, we realized early that the key to a successful shift was teamwork. The organization as a whole needs to get on board with the concept and create, dare I say it, synergy with security and engineering teams. Ultimately, it should be less scary to take that first step if you have a support system to join you! 

And no one is going to shift left with scans that take hours, no matter how enthusiastic they are about the buzz. It simply doesn’t make sense. It was fun to watch how excited RSA booth visitors were to see us demo a full scan in real time, kicked off directly from the IDE, that completed before we could finish our spiel about DAST! 

DAST & SAST: The dynamic (and static) duo

Just like it takes a village to shift left, it also takes a winning tool stack to complete the loop. SAST and DAST are the Martha Stewart and Snoop Dogg power team that helps you quickly identify your most critical vulnerabilities, helping you cut down the noise and prioritize what truly matters. While many users started in the SAST/SCA world, things are evolving, and it’s clear from our conversations at RSA that DAST is top of mind. Being able to hit your application at runtime to see if those code-level vulnerabilities are truly exploitable is the hot ticket. Surfacing vulnerabilities early in the development phase with DAST, coupled with code analysis from our friends at Snyk, I’ll cheers to that!

Coverage, discovery, and accuracy, oh my!

But do you support…? The answer was YES! Consumers are looking for API coverage and we have it. With support for REST, SOAP, GraphQL, and even gRPC, StackHawk has you covered. Booth visitors also asked about taking advantage of the work they’d already put in to build Swagger docs, Selenium test suites, Postman collections, etc. StackHawk’s extensive custom scan discovery options have you covered. Not only does this improve the accuracy of your results, but it is also going to help with scan times, getting you even closer to the left!

The Wrap Up

While the glowing StackHawk logo and our cool t-shirts may have brought people into our booth, what kept them there was our live demo. Many asked us “What does StackHawk do?” thinking that was necessary to get our cool shirt, but then quickly realized that they truly were interested and wanted to learn more. Per my colleagues, the booth visitors this year had clearly done their homework about DAST and StackHawk, and were more prepared with questions on the themes above compared to the 2022 RSA attendees. Many prospects are still in early phases of sorting out their tool stack, their compliance needs, and their course of action to get to building and deploying secure software. But it is clear that they are ready to take the steps toward shifting left, and see the value in what StackHawk has to offer. We are here for it!

[Lindsy Farina is a Sr. Product Manager at StackHawk]