StackHawk, the company that integrates application security testing into software delivery, has announced its Deeper API Security Test Coverage release.
This extends StackHawk’s solution to help developers analyze the entire API layer to uncover potential vulnerabilities.
“Today’s application architectures require different approaches to security testing, and legacy security testing tools result in untested parts of the application, or require tedious manual testing and are too slow for most modern publishing schedules,” the company says.
“With this release, StackHawk gives developers the ability to test APIs deeper and faster, so organizations can be confident that every version they release is secure.”
The StackHawk platform makes it easy for engineers to find and fix application security bugs at any stage of software development.
The API layer presents the highest level of security risk for software vendors. Still, API discovery can be a challenge for many security teams. The Deeper API Security Test Coverage version of StackHawk allows teams to leverage existing automated testing tools, such as Postman or Cypress, to guide path and endpoint discovery, provide custom test data to use during analyses, and cover proprietary use cases for security testing.
“Modern API and application security requires tools that integrate with existing engineering workflows and provide in-depth testing coverage for today’s application architectures,” said Scott Gerlach, co-founder and director of StackHawk security.
“With our recent release of Deeper API Security Test features, StackHawk continues to lead the market in the depth and accuracy of real-world API security testing, while staying true to our developer-centric security approach,” he said.
Engineering teams have sophisticated automated CI/CD test suites to ensure quality is maintained as they push software changes to production, and security testing should be no different. By integrating with existing testing workflows, StackHawk provides developers with security testing in a familiar way, shifting security to the left.
StackHawk’s comprehensive analytics capabilities have expanded to address several key issues, including:
Custom test data for REST APIs
The ability to use realistic required variables for the path, request or request body is something that DAST tools have always struggled with, as using poorly formatted data can prevent parsing from reaching the critical logic of the application.
Custom Analytics Discovery
The ability to use test scripts and data from developer tools such as Postman or Cypress to guide the scanner, resulting in more comprehensive and thorough testing without the need for API docs.
Custom test scripts
The ability to test specific use cases such as business logic, privacy laws, and sensitive data requires custom scripts. This feature also addresses tenancy checks, the top OWASP Top 10 vulnerability, and broken function level authorization tests, which are test cases not covered by the ZAP library.