StackHawk announces native dynamic application and API security testing for GitHub
StackHawk’s DAST solution spots vulnerabilities within developers' GitHub projects
StackHawk has announced a dynamic application and API security testing (DAST) solution for GitHub, an industry-first.
The application security testing firm has integrated its proprietary DAST software with GitHub code scanning.
Code Scanning, one of GitHub's Advanced Security features, helps developers pinpoint security vulnerabilities and coding errors. The addition of StackHawk’s DAST solution to Code Scanning will enable engineering teams to test running applications, services, and APIs “for the same vulnerabilities an attacker would exploit, with results available directly in GitHub.”
Vulnerabilities may include SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and more. Built on Zed Attack Proxy (ZAP), StackHawk also offers fixes for the findings.
"GitHub is the central tool for developers and engineering teams," says Joni Klippert, founder and CEO of StackHawk.
"We built StackHawk to bring application and API security testing into the hands of developers. Our integration with GitHub Advanced Security simply furthers this mission, making it easier for teams to efficiently deliver secure applications."
StackHawk can be used alongside GitHub’s native security tools, including CodeQL for semantic code analysis and Dependabot for software composition analysis (SCA), among other third-party SAST and SCA offerings.
“DAST has long been a leading method of testing for potential vulnerabilities. By executing security tests against the running application and services, this form of testing surfaces exploitable vulnerabilities in the same way an attacker or security researcher would uncover them. With the advent of DevOps, however, DAST tools have not kept pace with the speed of modern software delivery. StackHawk has revolutionized DAST, bringing this proven security testing approach to CI/CD automation and developer workflows,” added StackHawk.