StackHawk
United States
Joined 22 Apr 2020
StackHawk makes it simple for developers to find, triage, and fix application security bugs. Scan your application for AppSec bugs in the code your team wrote, triage and fix with provided documentation, and automate in your pipeline to prevent future bugs from hitting prod.
Discover your Attack Surface in 15 Minutes with StackHawk's API Discovery
Join us for an exclusive look at our latest product announcement, API Discovery.
In this session, we'll walk through:
• How to discover unknown APIs and applications in your attack surface
• Taking the next steps to get critical assets under security testing quickly
• Tracking your overall security coverage
• Leveraging insights to collaborate with developers and keep security testing up to speed with software development
Views: 55
Videos
API Discovery Powered by HawkAI - Teaser 4K
75 views · 1 month ago
API Discovery Powered by HawkAI automatically prioritizes your apps and APIs for security testing and keeps you up to date on your attack surface coverage as code changes. www.stackhawk.com/solutions/api-discovery
Introducing API Discovery Powered by HawkAI
40 views · 1 month ago
Now available! API Discovery Powered by Hawk AI. Discover every API in your attack surface, get them under test quickly with automatic prioritization, and continuously oversee attack surface coverage.
Code to Cloud with Microsoft, GitHub, and StackHawk
61 views · 2 months ago
Leading organizations leverage the Microsoft and GitHub ecosystems to deliver new software and customer experiences faster. However, security tools and processes must live within the software development lifecycle to innovate quickly and securely without slowing engineers down. Learn how Microsoft and GitHub customers use StackHawk to build efficient, scalable security workflows that accelerate...
Constructing a Secure AppSec Foundation with CommunityAmerica Credit Union & StackHawk
88 views · 3 months ago
This session showcases the successful partnership between CommunityAmerica Credit Union and StackHawk, illustrating how collaboration and strategic influence (aka “making friends and influencing people”) can strengthen application security (AppSec) measures. Discover the key strategies implemented by CommunityAmerica Credit Union including: - Key criteria for Integrating advanced security solut...
Office Hours: Scan Discovery with HAR Files and Auth Updates
50 views · 4 months ago
Secure with StackHawk: A Continuous Approach to Application and API Security.
173 views · 5 months ago
StackHawk co-founders Joni Klippert and Scott Gerlach discuss a modern approach to continuous application and API security and how to achieve it, regardless of whether you are a security professional, developer, or leader. Understand how mature your AppSec program is on a scale of continuous security and learn from personal anecdotes on how to get to the next level (or even skip a couple!)
DAST is Dead! Long Live DAST! The Evolution of Dynamic API Security Testing
1.1K views · 7 months ago
Watch this session to discover modern security practices in a world backed by APIs. What You'll Learn: - The evolution from traditional Dynamic Application Security Testing to today's robust Dynamic API Security Testing. - How to overcome the challenges of legacy security testing in a world driven by APIs. - How modern Dynamic API Security Testing tools empower developer teams, automate securit...
Elevate Your AppSec Program with the Dynamic Duo: StackHawk and Snyk
163 views · 9 months ago
See how StackHawk and Snyk’s dev-first approach to AppSec helps streamline security operations and prioritize vulnerability remediation. In this office hour session, we highlight: - Why DAST and SAST are better together - How to leverage correlated findings with the Snyk & StackHawk integration - DevSecOps in Action at StackHawk - Best Practices for Snyk Adoption Resources 🔗 Slides: docs.google.com...
How to Shift Left the Right Way
117 views · 10 months ago
Application Security isn’t just a security problem. It’s a business problem. While many organizations understand the benefits of shifting security left, they fail to consider the platforms and fuel needed to make it truly work. Shifting Left is just as much about coordination and collaboration as finding and fixing. Scott Gerlach, co-founder and CSO of StackHawk, and Jim Armstrong, Senior Produ...
StackHawk - API Security Testing for Teams that Deploy Software Every Day!
218 views · 10 months ago
StackHawk is the only modern API security testing tool that runs in CI/CD, enabling developers to quickly find, triage, and fix security issues before they hit production. To learn more and get going with your free account at www.stackhawk.com
Turning Win-don’ts into Win-do’ws: Automating HawkScan Across Azure Pipelines, Windows, and More
71 views · 11 months ago
Tune in for help from the StackHawk team on overcoming automation woes with the Windows ecosystem! In this session we cover: - Running HawkScan in Azure Pipelines and GitHub Actions - NTLM Authentication - Certificate management with proxies 🔗Slides: docs.google.com/presentation/d/1uw4DAmxUeIGhFliA61V1hv08LEMApAnQwKvEHsma8sM/edit?usp=sharing
StackHawk Office Hours: Gitty Up with GitHub Insights
164 views · 1 year ago
Tired of being the last to know when routes are added and new code is deployed to your attack surface? In this video, our team shows you how to achieve early discovery and continuous visibility of your entire attack surface and productive collaboration with your development team with StackHawk's GitHub Insights. ✅Discover apps for testing from the inside out: Ensure you're testing all of your A...
StackHawk Office Hours: Eric Potter and the Sorcerer's Token
112 views · 1 year ago
Ever wished you had a spell to unlock the secrets of authenticated scanning? Well, 🪄ALOHOMARA🪄 Watch this office hours session as our very own Wizard Potter unlocks the door to the Chamber of Secrets and guides you out of the Deathly Hallows! Resources mentioned: Slide deck: docs.google.com/presentation/d/196YRJ3HhytNR9IZ3wLWcjh0uY2jf1wAUL_9u_8Ii4q8/edit?usp=sharing Authentication Docs: docs.st...
How to Shift Left: People, Process, Technology
722 views · 1 year ago
StackHawk CSO Scott Gerlach and PagerDuty Security Engineer James Berthoty share their experiences and points of view on how to actually shift left, and why the current state isn’t working. 🧠Watch to learn: ✅ What a shift-left process might look like in your organization ✅ How to involve the right people ✅ What to look for in technology
StackHawk Office Hours: Automate Security Testing to Secure Your Summer Vacay
188 views · 1 year ago
Scaling Security Across a Herd of Applications
95 views · 1 year ago
StackHawk Teams: Secure Your Entire Flock
106 views · 1 year ago
Policy Management: Speed Up Security Tests and Cover Special Cases
81 views · 1 year ago
StackHawk and GitHub CodeQL Integration Webinar
131 views · 1 year ago
StackHawk Office Hours: GitHub Pull Request Checks
120 views · 1 year ago
Deeper GraphQL Security Testing Webinar
287 views · 1 year ago
GitHub Pull Request Checks: Security Testing in GitHub Workflows Webinar
362 views · 1 year ago
Automate WebApp Security Testing using GitHub Actions || TestJS Summit 2022
358 views · 1 year ago
GitHub Pull Request Checks with StackHawk
25K views · 1 year ago
Deeper API Security Test Coverage Webinar
244 views · 1 year ago
Deeper API Security Test Coverage Office Hours
221 views · 1 year ago
25:52 Start for Zap
hello?
👋
*Promo sm*
awesome demo, great work @Zachary, just loved it!!
Glad you liked it!
what is the command to run the saved plan in windows command prompt?
This video looks like it was recorded on a wide-screen monitor and it makes it very difficult to view the recording. Even at 720p and expanded on my wide-screen monitor the recording was quite hard to view.
We appreciate the feedback and will work on improving the quality of these engineering demos!
Looking forward to trying this tool! PS: zoom in more to the screen, text is barely visible
Thanks for watching and letting us know! We'll work on improving the quality of these demos 👍
for authenticated scan, how to add user credential into yaml file?
different circumstances call for a different measure..... hello for Simon
kawkaw
Hello Omar, it's a very nice video. I am trying this on Windows 10 using the zip file. I have downloaded the zip file, unzipped it and configured the path variable. After this, when I go to cmd and type the command hawk init, it gives: 'hawk' is not recognized as an internal or external command, operable program or batch file. Will you please help with this?
same as me.
hope these videos will lead me to reach my goal!
Where is the automation lol, everything is done manually
Can do through zest owasp.. Easier
You test it manually first, to ensure that you have the right configuration, settings, and scan performance. After that you extract your settings into a YAML, and then you run it with just one statement from the command line. That one line command can be piped through ansible, ci/cd, post-hooks, etc. The video is a comprehensive process to empower you to automate. Please tell me if you are still missing the automation part.
Actually i ended up using zap from archerysec as module
i still can't understand how to implement zap as a dast in a pipeline except with some basic scan
Is there a way for Attack mode to not freeze up?
For some reason it keeps telling me that stackhawk.yml is not found in /hawk. Any way I can fix this?
I got it
Please keep it up. Wow, you need to research P-R-O-M-O-S-M!
09:15 start
Greetings from Nigerian Delta State! Awesome video.
Only song no voice audio after 5:10
Note that the automation add-on with these changes in has now been published on the ZAP Marketplace. You can install or update it via the "Manager Add-ons" button on the main ZAP desktop toolbar.
can you share website
cool , great session.
Zap and StackHawk for the win!
Can you enable subtitles?
Sorry - we don't have subtitles for this video. Wish we could!
hi
osm presentation !!
Hello, you don't explain what you are scanning. Is it network, is it source code? Do you support Windows? The source command is not available on Windows. I wish you would explain a bit more the environment where StackHawk is running. For someone completely new, the getting started just added to the confusion of how StackHawk works or what it does.
Great questions. When we recorded this, we didn't have the documentation set up for Windows, but we do now: docs.stackhawk.com/hawkscan/running-hawkscan.html. I also updated the text in the Description to talk a bit more about what StackHawk does. Basically we are scanning running web applications from the outside in, looking for Application Security Vulnerabilities!
Glad to see you using your Google account Mr. Gerlach. 😁