StackHawk announced the release of a new code-based API discovery capability, GitHub Insights.
StackHawk's latest capability offers security teams continuous
discovery and visibility of their organization's attack surface,
allowing them to identify gaps in coverage, align security testing with
the rapid pace of software development, and work more closely with the
engineers writing the code. By seamlessly integrating with GitHub
repositories, this new feature eliminates blind spots and fosters
efficient collaboration between security and engineering teams.
Recent research highlights that enterprise organizations have so many APIs in their environments (20,000 on average) that they are unable to maintain proper visibility over their key software components, leaving them exposed to risk.
Security teams often struggle due to limited insights into the
ongoing development efforts, while production-based discovery tools
frequently cannot connect APIs to the code base or identify the
responsible teams for source-level issue resolution. The constant influx
of new APIs, combined with the responsibility of maintaining security
coverage of existing ones, strains AppSec teams and leaves APIs
susceptible to potential risks. Here's how StackHawk's GitHub Insights
addresses these common pain points:
- Code-based API discovery: Everything a modern organization
releases is documented in code, but traditional discovery tools have to
rely on web traffic to identify API routes. StackHawk's GitHub Insights
discovers APIs at the source code level, allowing security teams to
identify their entire API inventory before it is released to
production.
- Continuous visibility: StackHawk's GitHub Insights tests the
API layer and maps the findings back to the source code, providing
comprehensive insight into what is being developed, by whom, and how
often it is being tested. This keeps security coverage aligned with the
rapid pace of software development and gives organizations full
visibility into their attack surface and API security posture.
- Bridging the gap between developers and security experts: StackHawk's
GitHub Insights promotes collaboration between security and developer
teams by connecting testable APIs to their corresponding code bases and
teams. This ensures that security teams can quickly identify the person
responsible for addressing issues when they arise and who to collaborate
with when testing new APIs.
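The code-based discovery and ownership mapping described in the bullets above, as an added illustration that is not StackHawk's code and is not part of the original announcement: a Python script that scans a constructed in-memory repository for route declarations in three common frameworks (Flask, Express, Spring), attributes each route to a team through a constructed CODEOWNERS file, and lists the routes that no security test has exercised. The repository contents, the CODEOWNERS entries and the set of tested routes are all constructed; the regular expressions handle only the simple declaration forms shown and are an assumption about what a real scanner would need to cover.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed sample repository: path -> file contents (not a real project).
SAMPLE_REPO: Dict[str, str] = {
    "services/orders/app.py": '''
from flask import Flask
app = Flask(__name__)

@app.route("/orders", methods=["GET", "POST"])
def orders():
    ...

@app.route("/orders/<int:order_id>")
def order(order_id):
    ...
''',
    "services/gateway/server.js": '''
const express = require("express");
const app = express();
app.get("/health", (req, res) => res.send("ok"));
app.post('/api/v1/login', loginHandler);
router.delete("/api/v1/sessions/:id", logout);
''',
    "services/billing/Invoice.java": '''
@RestController
class InvoiceController {
  @GetMapping("/invoices/{id}")
  public Invoice get(@PathVariable String id) { return null; }
  @PostMapping("/invoices")
  public Invoice create() { return null; }
}
''',
}

# Constructed CODEOWNERS file. Note that services/billing/ has no owner.
CODEOWNERS = """
# directory prefix          owning team
services/orders/   @acme/orders-team
services/gateway/  @acme/platform-team
"""

# Constructed record of (method, path) pairs a security test has already hit.
TESTED: Set[Tuple[str, str]] = {("GET", "/health"), ("GET", "/orders"), ("POST", "/api/v1/login")}


@dataclass(frozen=True)
class Route:
    method: str
    path: str
    file: str
    line: int
    owner: Optional[str]


# (framework, pattern). Each pattern captures the path as "path" and, where
# the framework encodes it in the declaration, the HTTP verb(s) as "verb".
ROUTE_PATTERNS = [
    ("flask", re.compile(r'@\w+\.route\(\s*["\'](?P<path>[^"\']+)["\']'
                         r'(?:[^)]*methods\s*=\s*\[(?P<verb>[^\]]*)\])?')),
    ("express", re.compile(r'\b(?:app|router)\.(?P<verb>get|post|put|patch|delete)'
                           r'\(\s*["\'](?P<path>[^"\']+)["\']')),
    ("spring", re.compile(r'@(?P<verb>Get|Post|Put|Patch|Delete)Mapping'
                          r'\(\s*["\'](?P<path>[^"\']+)["\']')),
]


def parse_codeowners(text: str) -> List[Tuple[str, str]]:
    """Return (pattern, owners) rules, ignoring comments and blank lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pattern, *owners = line.split()
        rules.append((pattern, " ".join(owners)))
    return rules


def owner_for(path: str, rules: List[Tuple[str, str]]) -> Optional[str]:
    """Last matching rule wins, as in GitHub CODEOWNERS; only the
    directory-prefix rule form is handled here (a simplification)."""
    owner = None
    for pattern, owners in rules:
        if path.startswith(pattern.lstrip("/")):
            owner = owners
    return owner


def discover_routes(repo: Dict[str, str], codeowners: str) -> List[Route]:
    """Build an API inventory from source, mapping each route to file, line and team."""
    rules = parse_codeowners(codeowners)
    routes: List[Route] = []
    for file, source in repo.items():
        for framework, pattern in ROUTE_PATTERNS:
            for m in pattern.finditer(source):
                raw_verb = m.group("verb")
                if framework == "flask":
                    # Flask lists verbs in methods=[...]; a bare @route defaults to GET.
                    verbs = [v.strip(' "\'') for v in raw_verb.split(",")] if raw_verb else ["GET"]
                else:
                    verbs = [raw_verb.upper()]
                line = source.count("\n", 0, m.start()) + 1
                for verb in verbs:
                    routes.append(Route(verb, m.group("path"), file, line, owner_for(file, rules)))
    return sorted(routes, key=lambda r: (r.file, r.line, r.method))


def untested_routes(routes: Iterable[Route], tested: Set[Tuple[str, str]]) -> List[Route]:
    """Coverage gap: routes present in code that no test has exercised."""
    return [r for r in routes if (r.method, r.path) not in tested]


if __name__ == "__main__":
    inventory = discover_routes(SAMPLE_REPO, CODEOWNERS)
    for r in inventory:
        print(f"{r.method:6} {r.path:28} {r.file}:{r.line}  owner={r.owner or 'UNOWNED'}")
    print("untested:", [(r.method, r.path) for r in untested_routes(inventory, TESTED)])
```

Two things the output makes visible that traffic-based discovery cannot: the billing routes surface as unowned before they ever receive a request, and every route with no test on record is a concrete coverage gap tied to a file and line. A pattern scanner like this one also misses routes whose paths are computed, registered through blueprints or router prefixes, or declared in frameworks it has no pattern for, which is why an inventory built from code should still be reconciled against what is observed in production rather than treated as complete on its own.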
"Code is the source of truth for applications, APIs, infrastructure,
and policies in today's new development era. But, security teams
struggle with limited visibility into what's happening in the code base
and how it impacts them," said Scott Gerlach, CSO and Co-Founder of
StackHawk. "StackHawk's GitHub Insights helps security practitioners map
the applications and APIs they are testing back to code, so they can
answer important questions about where a certain API lives, what team it
belongs to, who's responsible for fixing an issue, and how often an
asset has been tested."