StackHawk announced on 13th August that Dynamic Application and API Security Testing has been integrated into GitHub Code Scanning. StackHawk maintains its position as a pioneer in developer-centric security technology by becoming the first and only Dynamic Application and API Security Testing tool in GitHub Code Scanning.
StackHawk – Natively available API security testing
GitHub Code Scanning is a vulnerability tracking and reporting service that integrates application security into developers’ existing toolkit. It’s part of the company’s Advanced Security offering. StackHawk is Code Scanning’s first natively available API security testing and Dynamic Application Security Testing (DAST) solution. With this integration, engineering teams will be able to use StackHawk to test their live applications and APIs for the same vulnerabilities that an attacker would look for, with the results stored in GitHub.
StackHawk can be used in conjunction with GitHub-native security tools like CodeQL for static analysis (SAST) and Dependabot for software composition analysis (SCA), as well as third-party SAST and SCA solutions. When these technologies are combined, a comprehensive application security testing suite is created within the tooling that developers use daily.
“GitHub is the central tool for developers and engineering teams,” says Joni Klippert, StackHawk’s Founder & CEO. “We built StackHawk to bring application and API security testing into the hands of developers. Our integration with GitHub Advanced Security simply furthers this mission, making it easier for teams to efficiently deliver secure applications.”
DAST (Dynamic Application Security Testing) has long been a popular approach to identifying potential security flaws. This type of testing exposes exploitable vulnerabilities by performing security tests against the running application and services in the same way that an attacker or security researcher would. However, DAST tools had not kept pace with modern software delivery. StackHawk has now revolutionized DAST by bringing this tried-and-true testing approach to CI/CD automation and development workflows.
StackHawk has established itself as a leader in API security testing, in addition to its features that allow DAST to be shifted earlier in the software development lifecycle. APIs will be the dominant vector of attack by 2022, according to Gartner, due to the rapid proliferation of APIs and microservice designs.