DENVER, Oct. 31, 2023 -- StackHawk, the company making web application and API security testing part of software delivery, announced today the release of a new code-based API discovery capability, GitHub Insights. StackHawk's latest capability offers security teams continuous discovery and visibility of their organization's attack surface, allowing them to identify gaps in coverage, align security testing with the rapid pace of software development, and work more closely with the engineers writing the code.
By seamlessly integrating with GitHub repositories, this new feature eliminates blind spots and fosters efficient collaboration between security and engineering teams.
Recent research highlights enterprise organizations have many, many APIs within their environments, a number so large (20,000 on average), that they are unable to maintain proper visibility over their key software components, leaving them vulnerable to risk.
Security teams often struggle due to limited insights into the ongoing development efforts, while production-based discovery tools frequently cannot connect APIs to the code base or identify the responsible teams for source-level issue resolution. The constant influx of new APIs, combined with the responsibility of maintaining security coverage of existing ones, strains AppSec teams and leaves APIs susceptible to potential risks. Here's how StackHawk's GitHub Insights addresses these common pain points:
- Code-based API discovery:Â Everything a modern organization releases is documented in code, but traditional discovery tools have to rely on web traffic to identify API routes. StackHawk's GitHub Insights discovers APIs at the source code level allowing security teams to identify their entire API inventory before they're released to production.
- Continuous visibility:Â StackHawk's GitHub Insights tests the API layer and maps the findings back to the source code to provide comprehensive insights into what's being developed, by whom, and how often it's being tested to ensure that security coverage aligns with the rapid pace of software development, providing organizations with full visibility into their attack surfaces as well as API security posture.
- Bridging the gap between developers and security experts:Â StackHawk's GitHub Insights promotes collaboration between security and developer teams by connecting testable APIs to their corresponding code bases and teams. This ensures that security teams can quickly identify the person responsible for addressing issues when they arise and who to collaborate with when testing new APIs.
"Code is the source of truth for applications, APIs, infrastructure, and policies in today's new development era. But, security teams struggle with limited visibility into what's happening in the code base and how it impacts them," said Scott Gerlach, CSO and Co-Founder of StackHawk. "StackHawk's GitHub Insights helps security practitioners map the applications and APIs they are testing back to code, so they can answer important questions about where a certain API lives, what team it belongs to, who's responsible for fixing an issue, and how often an asset has been tested."
StackHawk's modernized DAST approach with an emphasis on shifting security left has redesigned the way organizations develop and test applications today. An essential next step to helping security teams shift left, is understanding what APIs they have, where they live, and who they belong to. Code-based discovery with StackHawk's GitHub Insights bridges that gap between security and engineering teams, fostering stronger collaboration and more informed decision making.