
Enabling Shift-Left Practices Through AppSec and Developer Training

Matt Thompson | August 15, 2024

Discover how StackHawk's comprehensive developer training is transforming AppSec practices. Learn to implement DAST, conduct hands-on testing, and tailor security solutions to your unique development environment. Empower your team to build an effective shift-left security culture.

How can StackHawk Customer Success Help Drive More Value?

At the beginning of the year, our team gathered to strategize on what we can do in Customer Success to help our customers maximize their investment in StackHawk. Our primary focus has always been to assist our hawksome customers in achieving their objectives and desired outcomes. Ensuring a successful onboarding experience is critical, as it is with any SaaS platform, and we take great care and pride in our implementation process for all customers. However, our commitment to delivering value extends far beyond just ensuring proper configurations and running tests.

The real benefit of StackHawk lies in helping to unite Application Security (AppSec) and Developers to cultivate a "Shift Left" culture, as outlined in our Senior Director of Product Marketing's guide, "8 Essential Tips to Evolve your AppSec Program". We mulled over how we could assist AppSec and Developers in embedding security into their software development workflows from the outset. The solution was clear and straightforward: we needed to implement formal training.

Building a Secure Foundation with StackHawk

At StackHawk, our Customer Success team is here to guide you through every step of integrating HawkScan into your software development lifecycle. Our approach ensures your team is equipped with the necessary tools, knowledge, and support throughout the integration.

  • Onboarding: Through our onboarding process, we help you derive as much value from StackHawk as quickly as possible, and then build from there. This involves inviting your team members, discovering your apps, and laying the groundwork for future growth.

  • Optimized Setup: We assist you in defining your basic scan configurations, setting up authentication, and tuning your scans for maximum efficiency.

  • Continuous Adoption: Once you’ve identified how your AppSec and Developers would work together under one common security practice, we’re here to train your entire team on how to bring applications under test and automate in your software development cycle.

  • Ongoing Support: Your engineers and developers are now empowered to start testing more applications, with continuous guidance and support from StackHawk CSMs and Solutions Architects.

  • Independence: You're on the journey from Shift-Left Committed to becoming Continuously Secure, as outlined in our Shift Left Maturity Model.

Team Onboarding and Training with StackHawk

Make no mistake, we're well aware that providing a training session isn't exactly groundbreaking. In fact, without the proper context of how you plan to use StackHawk, training sessions can often turn into mundane and repetitive exercises. However, while there are always some fundamental introductory topics that any training must cover, our goal is to ensure that this training is meaningful, hands-on, and engaging. We aim for your teams to dive into testing your critical applications for security vulnerabilities with enthusiasm, aligning seamlessly with your workflows and DevOps practices right from the start.

AJ Stinn, the Lead Support Engineer on our Customer Success team, built our Developer Training from the ground up. Here is his approach to getting your team started with StackHawk.

"Diving into the world of DAST can feel daunting and complex. It blends elements of AppSec, DevOps, and Engineering, from understanding how your application authenticates to integrating scanning in CI/CD. Without a solid foundation in running scans against an application, it's easy to feel overwhelmed and unsure of where to start or what to prioritize. Building a well-rounded DAST program that ensures no vulnerabilities are left unchecked while remaining efficient for AppSec and Development requires a solid grasp of the tools, their purpose, and how they function.

"This was my goal when creating our developer training: to ensure the fundamental building blocks are in place for users integrating StackHawk's DAST into their environment, and to instill the value of shifting this type of security testing earlier in their development lifecycle."

What is DAST? What is StackHawk?

Attendees might have an idea of Dynamic Application Security Testing (DAST) based on what they've heard or other tools they've used. We start our training sessions by setting the stage with a clear understanding of StackHawk and DAST, and of what our platform does and doesn't do. This prevents confusion and helps everyone grasp the core purpose of the tooling. We walk through our scanning methodology and explain the architecture of running our DAST engine.

Hands-On Testing

What better way to learn the basics than by testing them out yourself? When covering complex topics in any training, it can be a struggle to follow along with a presenter over Zoom, so we've made it as easy as possible to drive more hands-on participation by offering detailed Training Guides accessible in our GitHub repo. These guides outline every training step with easy-to-copy commands that can be pasted directly into your terminal.

Because the long-term vision of running the scanner in a pipeline or navigating OAuth can get quite complex, we stick to the basics during this hands-on portion to drive home the tool's functionality and operation. Engineers install HawkScan and a local testing application. We guide them through setting up and configuring the scanner to work with our application, running a few different scans, and reviewing the findings in the user interface.

Every Organization is Unique

Every organization, its applications, and its development processes are unique. This foundational approach gets attendees thinking critically about their own applications and environments, equipping them with the tools needed to start building complex scanning scenarios tailored to their specific needs. By demonstrating the functionality in a lower environment (locally), we are able to directly show the value of scanning applications earlier in the development process. Together, this gives attendees the right tools to get started on their journey of Shift-Left DAST.

What are customers saying about the training?

Since formally launching in March, the feedback has been overwhelmingly positive. Here are a couple of quotes:

[Image: customer quote 1]
[Image: customer quote 2]

If you've collaborated with our Customer Success Managers, you're aware of how accommodating and flexible we are. Our goal is to make your interactions with our teams both meaningful and goal-oriented. We apply this same philosophy to our training approach.

How can you take advantage?

All new customers will receive this training as part of our standard onboarding process.

If you're already a customer, please contact your dedicated Customer Success Manager or send a message to our support team (support@stackhawk.com or through the chat feature in-app) to arrange a 15-minute session. This will help us tailor the training to better align with your Shift Left objectives.

Prefer a more relaxed setting? Join us for our weekly Wednesday sessions by registering on our website. These sessions are less customized than those scheduled through Customer Success, but are a great start. If you're looking for a more personalized experience, just let us know.

Not a customer yet? No worries! We invite anyone interested in discovering how StackHawk can help you to join this hands-on training session, a perfect opportunity to see what we're all about.

