StackHawk, a company that integrates application security testing into software delivery, recently launched Deeper API Security Test Coverage. The release extends StackHawk’s solution by allowing developers to analyse the full API layer for possible vulnerabilities. With this release, StackHawk enables developers to test APIs more thoroughly and quickly, allowing businesses to be certain that every release they deploy is secure.
For software firms, the API layer poses the greatest security risk. However, API discovery can be difficult for many security teams. Deeper API Security Test Coverage from StackHawk enables companies to use their existing automated testing tools, such as Cypress or Postman, to drive path and endpoint identification, supply specific test data to be used during scans, and handle specific use cases for security testing.
“Modern API and application security requires tooling that integrates into existing engineering workflows and provides thorough test coverage for today’s application architectures,” said Scott Gerlach, StackHawk co-founder and chief security officer. “With our recent release of Deeper API Security Test features, StackHawk continues to lead the market in depth and accuracy of real API security testing, all while remaining true to our developer-first security approach.”
With StackHawk’s Deeper API Security Test Coverage, the platform’s functionality has expanded to address several key issues, such as:
- Custom Test Scripts: Custom scripts are required to test for unique use cases such as sensitive data, privacy laws, and business logic. This functionality also covers tenancy validation, the OWASP Top 10 vulnerabilities, and testing for Broken Function Level Authorization.
- Custom Test Data for REST APIs: DAST tools have always struggled to use realistic values for the variables needed in paths, queries, or request bodies, and improperly structured data can block the scan from reaching crucial logic in the application.
- Custom Scan Discovery: The ability to guide the scanner using test scripts and inputs from developer tools such as Cypress or Postman, resulting in a more complete, detailed test without the requirement for API documentation.
Engineering teams use advanced automated test suites in CI/CD to verify that quality is upheld while software updates are sent to production, and security testing should be no exception. StackHawk integrates with standard testing workflows to help developers shift security to the left.
Interested readers can find more details about StackHawk’s Deeper API Security Testing.