How We Built HawkAI to Protect Your Data
StackHawk
by Scott Gerlach
3d ago
We’re thrilled to offer customers the power of AI to maximize efficiency, and protecting customer data will always be our top priority. Our AI technology, HawkAI, conducts a non-intrusive analysis of your code repositories, ensuring your source code remains private and secure. HawkAI prioritizes data privacy by adhering to strict principles: No source code, sensitive data, or PII data is shared with third parties. No LLM Training: We don't use your data to train large language models. Code Integrity: HawkAI does not send code contents to 3rd parties. This ensures a powerful and secure ..read more
Visit website
Spring Content Security Policy Guide: What It Is and How to Enable It
StackHawk
by StackHawk
1w ago
The Content Security Policy (CSP) is a security standard that helps protect and mitigate content injection attacks such as cross-site scripting (XSS), clickjacking, and more. You can use it to protect your Spring web applications by enabling specific HTTP headers. These headers enable web browsers to prevent attackers from injecting malicious code into the input data of a form, including URL parameters, field values, and other components. Cross-site scripting (XSS) is the most common type of content injection attack. It occurs when a website accepts user data without adequate validation, filte ..read more
Visit website
Kotlin XSS Guide: Examples and Prevention
StackHawk
by StackHawk
2w ago
A Kotlin web application that is vulnerable to cross-site scripting, or XSS, has weak points through which users can inject JavaScript code. Such weak points exist in web applications that accept user input. For example, you can find these kinds of weak points in online forums that allow users to post comments.  XSS is a common web application security vulnerability. It can lead to some serious issues like the exposure of sensitive user data stored in cookies.  In this post, we'll take a look at some examples of Kotlin XSS attacks. In addition, we'll look at how to prevent XSS attack ..read more
Visit website
Finding and Fixing BFLA Vulnerabilities in NodeJS With StackHawk
StackHawk
by StackHawk
3w ago
For developers striving to build secure APIs, Broken Function Level Authorization (BFLA) is a crucial vulnerability demanding meticulous attention. BFLA belongs to the OWASP API Security Top 10 list and can pave the way to unauthorized access and manipulation of functionality within your API, compromising the overall integrity of your system. This occurs when applications lack adequate authorization checks focused on specific functions or features. This weakness enables attackers to manipulate calls to endpoints to which they shouldn't have access, potentially escalating access to functions re ..read more
Visit website
Kotlin SQL Injection Guide: Examples and Prevention
StackHawk
by StackHawk
3w ago
SQL, or in full, Structured Query Language, are sets of instructions (queries) that developers can use to interact with databases. Databases can be SQL or NoSQL, and the latter may or may not support SQL-like queries. Examples of SQL databases include MySQL, Oracle, PostgreSQL, and Microsoft SQL Server.  SQL queries for reading or manipulating data look very similar to plain English. For example, the query SELECT * FROM users means, SQL should fetch data from the users table. The symbol * in the query means select all columns.  SQL is a very powerful tool for developers and database ..read more
Visit website
Discover the Best API Discovery Tools in 2024
StackHawk
by StackHawk
1M ago
Selecting the right API discovery tools plays a huge role in API integration, API management, and many other areas where understanding your entire API portfolio is critical. These tools can help ensure that every API connected to your organization is discovered and cataloged, which is a major part of ensuring that APIs are secure. Without understanding every aspect of your organization's APIs, it's hard to keep them compliant, secure, and well-utilized. This guide will examine how API discovery can streamline many parts of your workflow. We will demystify and compare the top API discovery tool ..read more
Visit website
How API Discovery Empowers AppSec Professionals and Fuels Innovation
StackHawk
by Nicole Jones
1M ago
As application security (AppSec) professionals, we understand the constant struggle to secure our ever-expanding digital landscapes. APIs often become blind spots, creating sleepless nights and doubts in our attack surface coverage.  But there is a solution— adopting a continuous API discovery process. One that doesn’t involve manually tracking down API endpoints.  Owning Your API Attack Surface Imagine a world where: Security Audits Become a Breeze: No more scrambling to identify in-scope APIs. A comprehensive inventory streamlines security assessments. Developers Get What They ..read more
Visit website
StackHawk Secures Top Honor in 2024 Global Infosec Awards at RSA 2024
StackHawk
by StackHawk
1M ago
DENVER, May 6, 2024 -- StackHawk, the company making application security testing part of software delivery, today announced that the company was named winner of ‘Most Innovative API Security’ in the 12th Annual Global Infosec Awards at RSA 2024. These prestigious global awards, by Cyber Defense Magazine, recognize innovators with compelling value propositions for their products in competitive infosecurity industries. Built for modern engineering teams, StackHawk has reimagined API security testing by empowering developers to find and fix security vulnerabilities during their traditional build ..read more
Visit website
Node.js CSRF Protection Guide: Examples and How to Enable It
StackHawk
by StackHawk
1M ago
CSRF, or cross-site request forgery, is one of the most notoriously difficult exploits to mitigate in the world of development. Not only are these attacks everywhere on the web, but their potential for damage is quite astounding. This is why it's so important for people to be aware of their presence and to know how to protect their systems.  The purpose of this article is to serve as a starting point for developers in general and Node.js engineers in particular for CSRF protection. We will briefly explain what cross-site request forgery is, list some examples of CSRF attacks that you migh ..read more
Visit website
Re-Defining API Discovery: How We Designed API Discovery Powered by HawkAI
StackHawk
by Scott Gerlach
1M ago
At StackHawk, we've helped countless customers find tremendous value in our API security testing capabilities. We are repeatedly chosen for our ability to comprehensively test APIs and seamlessly automate testing within their CI/CD pipelines. However, a recurring theme has emerged: customers are only uncovering a fraction of their total attack surface. Our internal analysis of code repositories reveals that many security teams are not testing and are potentially unaware of a significant portion of their APIs. The fast pace of software development makes it difficult for security to keep up, cre ..read more
Visit website

Follow StackHawk on FeedSpot

Continue with Google
Continue with Apple
OR