In our latest webinar “Discover your Attack Surface in 15 Minutes”, StackHawk's VP of Engineering, Dan Hopkins, Chief Security Officer, Scott Gerlach, and Solutions Architect, April Conger, unveiled StackHawk’s new API Discovery feature. The session emphasized the increasingly complex landscape of API security, highlighting the critical need for effective solutions. From the increasing volume of API production to the evolving threat landscape, organizations face unprecedented challenges in managing their APIs attack surface.
StackHawk's API Discovery feature sets itself apart by providing a comprehensive view of an organization's entire API attack surface. Unlike traditional discovery tools that rely solely on production monitoring, StackHawk's innovative approach analyzes APIs directly from the source code. This deeper level of visibility empowers organizations to identify and address security vulnerabilities proactively, rather than reactively responding to breaches.
We Took to The Polls!
Every great webinar has even better polls. Key learnings from our audience shared the need for effective API security as a must have. This session attracted a diverse audience, with 27% in AppSec, 15% in Engineering, 15% in Leadership, and 8% in DevOps roles. The different representations highlight API security as a multi-departmental challenge requiring top-down attention. When asked about their current API discovery practices, half of respondents use an automated way to monitor their API attack surface while the other half rely on manual processes to communicate the status of their API.
However, even with awareness of the issue, many organizations struggle to accurately assess their API attack surfaces. When asked, "how many APIs does your company have?", responses ranged from just a few APIs to tens of thousands, with some admitting they simply didn't know. This uncertainty is alarming, but is also a common challenge faced by many organizations. For many AppSec teams, the sheer number of APIs being produced and retired is overwhelming, making it difficult to maintain a comprehensive inventory. Others may have outdated or incomplete records, such as the use of either human knowledge or tracking within spreadsheets. These practices often lead to no visibility within an organization's attack surface.
What Keeps Teams Up at Night
When asked the question, “When thinking about your attack surface, what keeps you up at night?”, an alarming number selected "Unknown Unknowns". This uncertainty demonstrates the risks posed by undiscovered APIs. From security vulnerabilities to operational inefficiencies and compliance challenges, a lack of API visibility can have significant consequences. By proactively identifying and managing all of your organizations APIs, you can strengthen your security posture, optimize your IT operations, and mitigate compliance risks.
StackHawk's innovative API Discovery feature (offered free with enterprise plans), provides a comprehensive view of your entire API landscape. By analyzing source code rather than relying on traditional methods like expensive to run production monitoring or outdated spreadsheets, StackHawk empowers you to proactively identify and address security vulnerabilities. This proactive approach ensures the security and efficiency of your digital assets, helping you stay ahead of emerging threats.
Love for StackHawk’s API Discovery
With StackHawk, discovering your attack surface just got a whole lot easier (and faster!). We specifically asked attendees the following: “After seeing StackHawk’s API Discovery, does this change your perspective of how to discover your attack surface?”
According to our poll, 60% of respondents shared that seeing StackHawk's API Discovery has changed their perspective on how to discover APIs, with many excited to try it out or share it with their team. Check out the full recording of the webinar to learn more, and deep dive into:
The evolution of web development from the past 15 years and its impact on API security
Why traditional API discovery methods fall short in modern architectures
How StackHawk's innovative approach promises to revolutionize API security management, by going straight to the source code.
A live demonstration of discovering an entire API attack surface in less than 15 minutes
Don't miss out on these valuable insights. Watch the full webinar recording or sign up to start discovering all of your APIs in just 15 minutes, for free!
