CHOOSING A SOLUTION
Allard knew there was no silver bullet to solve all of the needs he had for application security. Instead, he sought to find best-in-class tools that would make his vision for a scaled application security program possible.
He first discovered Snyk, and later StackHawk, and recognized that the two had a “similar dev-centric approach.” As a result, he chose to build a program with these two partners.
While Snyk’s SCA tool helped Breathe Life secure the open source libraries they used, Allard was also looking for a Dynamic Application Security Testing (DAST) tool to ensure that Breathe Life’s proprietary code was also protected.
EXPERIENCE WITH STACKHAWK
“One of StackHawk’s key differentiators was the ability to leverage the OpenAPI spec in order to better scan the application. The typical Ajax spider from other products is pretty limited in what it can find… there was no real part of our application that was tested,” said Allard. “The StackHawk scan with the OpenAPI spec showed us that the real application was being tested and it’s not just checking the box to meet some compliance requirement that we have.”
But it wasn’t just the findings that impressed Allard. It was also what his team could do with them.
“Managing findings is another thing we like with StackHawk. Being able to easily manage those, and not adding noise to scans when you have the same thing over and over is super helpful,” said Allard.
Allard is early in the journey of deploying Snyk and StackHawk, but is already reaping the benefits of having greater confidence in the code that is shipped.