StackHawk has announced a dynamic application and API security testing (DAST) solution for GitHub, an industry-first.
The application security testing firm has integrated its proprietary DAST software with GitHub code scanning.
Code Scanning, one of GitHub's Advanced Security features, helps developers pinpoint security vulnerabilities and coding errors. The addition of StackHawk’s DAST solution to CodeScanning will enable engineering teams to test running applications, services, and APIs “for the same vulnerabilities an attacker would exploit, with results available directly in GitHub.”
Vulnerabilities may include SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and more. Built on zed attack proxy (ZAP), StackHawk also offers fixes for securing findings.
"GitHub is the central tool for developers and engineering teams," says Joni Klippert, founder and CEO of StackHawk.
"We built StackHawk to bring application and API security testing into the hands of developers. Our integration with GitHub Advanced Security simply furthers this mission, making it easier for teams to efficiently deliver secure applications."
StackHawk can be used alongside GitHub’s native security tools, including CodeQL for semantic code analysis and Dependabot for software composition analysis (SCA), among other third-party SAST and SCA offerings.
RELATED RESOURCE
DevOps: A view from the enterprise
What's driving DevOps, the impact of value stream management, and more
“DAST has long been a leading method of testing for potential vulnerabilities. By executing security tests against the running application and services, this form of testing surfaces exploitable vulnerabilities in the same way an attacker or security researcher would uncover them. With the advent of DevOps, however, DAST tools have not kept pace with the speed of modern software delivery. StackHawk has revolutionized DAST, bringing this proven security testing approach to CI/CD automation and developer workflows,” added StackHawk.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Organizations urged to act fast after GitHub Action supply chain attackNews More than 20,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action.
-
Nearly a million devices were infected in a huge GitHub malvertising campaignNews Microsoft has alerted users to a malvertising campaign leveraging GitHub to infect nearly 1 million devices around the world.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
'GitVenom' campaign uses dodgy GitHub repositories to spread malwareNews Security researchers have issued an alert over a campaign using GitHub repositories to distribute malware, with users lured in by fake projects.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Malicious GitHub repositories target users with malwareNews Criminals are exploiting GitHub's reputation to install Lumma Stealer disguised as game hacks and cracked software
