StackHawk Onboarding #3: Triaging and Fixing Findings

Ryan Severns

Our onboarding guide walking you through how to get started with application security testing with StackHawk.

Getting Started with StackHawk

To help you get started, we have written this onboarding guide with all the tips and tricks about getting up and running with StackHawk. This post covers how to triage and fix your application security findings.

Managing Your Findings // Triage and Fix Your Bugs

Bug Triage

If you are like many customers, your scan returned a decent-sized list of bugs. As a first step, we recommend triage. In the web app, select one or more findings and triage them with the Actions dropdown.

Triaging application security findings in StackHawk.

Here are a few tips:

  • Fix Critical Bugs Now: Which bugs to fix depends on your particular application, but a good place to start is by fixing any bugs marked as High criticality. More details on fixes below.
  • Risk Accept Where Applicable: If you know that any of the identified bugs are accepted risk, mark them now to avoid being alerted in the future.
  • Assign the Rest for Prioritization: For many teams, a common step at this point is to put the rest of the findings into a backlog for future prioritization discussions.

Fixing Bugs

When you are ready to fix the security bugs found by your scan, here are a few tips:

  • Request / Response Details: When you click on a particular path within a finding, you will see the Request and Response information associated with the bug. Use this to understand what is happening with the bug.
  • Finding Validation: Click the Validate button to generate a curl command that recreates the exact request (the attack) for that finding. Put your IDE in debug mode, replay the request, and step through the code to help figure out how to fix the bug.

Next Up: learn how to automate your application security testing in CI/CD.

As always, we are here to help at support@stackhawk.com.
