The Changelog: New Features to Kaakaww About
This month we introduced a new version of the StackHawk scanner that makes it easier to embed application security testing into the developer workflow.
This updated scanner equips development teams to overcome the trickiest parts of application security testing while giving engineers a more familiar way to interact with StackHawk.
Highlights of the new release include:
The StackHawk CLI. Users get a new way to install and interact with the StackHawk scanner. With a few simple commands, users can initialize the scanner, validate the config, and get going with security testing.
Configuration Linting. The new scanner is capable of identifying issues in both the StackHawk configuration YAML and OpenAPI specs before a user kicks off a scan.
Custom Auth Support. StackHawk can support your team’s one-of-a-kind auth scenario with just a few lines of YAML – meaning better app coverage with less time spent on configuration.
What Does "Shifting Security Left" Mean?
“Shifting security left” has become a buzzword, but the concept of shifting left is not new. At its core, shifting left means taking things that are done toward the end of the software development workflow and moving them earlier in the process.
When applied to security testing, shifting left lets devs fix security bugs faster, lets security teams scale their efforts effectively across an org, and drives more efficient delivery of secure software overall.
Not convinced yet that shifting security testing left is right for your team? Read the blog to find out why this should move up your priority list.
⚡️ Announcing the ZAPCon Speaker Lineup
The wait is over: you can now view the ZAPCon speaker lineup!
ZAPCon will kick off on March 8 with a full day of talks from security and ZAP experts such as Jim Manico, CEO and Application Security Educator at Manicode Security, and Simon Bennetts, ZAP Founder and Distinguished Engineer at StackHawk. Then, stay tuned for a morning of ZAP workshops on March 9.
ZAPCon is a free virtual event for ZAP users and those who want to level up their AppSec game. Register now so you don’t miss these exclusive talks and workshops.
Other Happenings
📺 Hawk Talks
[from the archives] JS Security Testing in GitHub Actions Workshop
📖 Reading Material
[from the archives] Log4Shell: Issue Overview and StackHawk Response to Log4j Vulnerability
📽 Virtual Events
February 14: DevSecOps Panel on DevOps.com
February 17-18: Node Congress
March 8: ZAPCon
March 8: The DEVOPS Conference
March 24: DevOps.js Conference
💼 Jobs @ StackHawk
Developer Advocate
DevOps Engineer
Sales Development Representative
Senior Product Manager, Growth
❤️ Give Us Some Love
Share the goodness of developer-centric application security. We are always grateful for recommendations and referrals! We’d love for you to share StackHawk with your friends and colleagues, or leave us a review on G2.