
StackHawk adds Business Logic Testing (BLT) to its AppSec platform menu

Runtime testing platform provider StackHawk today announced it is adding Business Logic Testing (BLT) to its AppSec menu. The new testing capability addresses business logic flaws such as broken object-level authorization (BOLA), which an OWASP report said account for 34% of security breaches, the company said in its announcement.

The new functionality was built with AI, in that it can identify BOLA and broken function-level authorization concerns that SAST and DAST tools cannot. Until now, the only option for AppSec teams has been manual penetration testing, which can’t keep up with the speed of modern software development: a pen test runs a surface scan to spot obvious problems, but working out the associations between requests (does this go with this?) is expensive, and at the speed of today’s software iteration cycles, testers could face burnout.

“What’s exciting about what AI is enabling us to do is take that kind of human brain of what is this API supposed to be doing, this application… and using that to understand how we can test it to make sure it’s behaving the right way?” Scott Gerlach, CSO and co-founder of StackHawk, told SD Times in an interview. “It’s not only are we making sure that we don’t have any SQL injection and command injection, those kinds of problems, but also in the case of an API that, for instance, has a password reset, making sure that I can’t reset your password. Both of those things look kind of the same when you define them in code, but making sure that I can’t reset your password is the thing that you can only test when that API is running.”

The probabilistic nature of AI allows users to understand the structure and behavior of an API, while then making the deterministic finding of whether it is broken or not, Gerlach explained.

Among the features in StackHawk BLT are the ability to test for vulnerabilities from a configuration of multiple user roles, and to generate intelligent test sequences from OpenAPI specifications without manual configuration of test flows. According to the company announcement, “StackHawk understands how your APIs relate: what order endpoints should be called, what data from one response feeds into the next request, and how to generate contextually appropriate test data.”

Further, the platform offers a visual view of each test sequence, showing the chain of steps that led to the discovery of a business logic flaw.
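To make the two ideas above concrete (a multi-role configuration, and test sequences in which a value from one response feeds the next request, including the password-reset case Gerlach describes), here is an added example of how such a business-logic authorization check can be expressed. It is not StackHawk's code and makes no claim about how the product works internally; the in-memory `NotesApi`, the `alice`/`bob` sessions, and the `SEQUENCE` step list are all constructed for the illustration. The same runner produces no findings against the hardened API and two findings against the API that skips the ownership check.

```python
# Added example (not StackHawk's code): a minimal multi-role, sequence-driven
# authorization check. Everything here is constructed: the in-memory API,
# the user sessions, and the test sequence.
from dataclasses import dataclass


@dataclass
class Session:
    """A caller identity, standing in for a bearer token of a given role."""
    user_id: str
    role: str = "user"


class NotesApi:
    """Hypothetical API with a per-user notes store and a password reset.

    enforce_ownership=False reproduces the BOLA class of flaw: the object id
    or target user named in the request is trusted without checking the caller.
    """

    def __init__(self, enforce_ownership: bool):
        self.enforce_ownership = enforce_ownership
        self.notes = {}  # note_id -> {"owner": ..., "text": ...}
        self.passwords = {"alice": "old-a", "bob": "old-b"}
        self._next_id = 1

    def _authorized(self, session, owner):
        # Object-level authorization: the caller must own the object or be admin.
        return (not self.enforce_ownership
                or session.user_id == owner or session.role == "admin")

    def create_note(self, session, text):
        note_id = self._next_id
        self._next_id += 1
        self.notes[note_id] = {"owner": session.user_id, "text": text}
        return 201, {"id": note_id}

    def get_note(self, session, note_id):
        note = self.notes.get(note_id)
        if note is None:
            return 404, {"error": "not found"}
        if not self._authorized(session, note["owner"]):
            return 403, {"error": "forbidden"}
        return 200, {"text": note["text"]}

    def reset_password(self, session, target_user, new_password):
        if not self._authorized(session, target_user):
            return 403, {"error": "forbidden"}
        self.passwords[target_user] = new_password
        return 200, {"status": "ok"}


# Constructed test sequence. "$name" arguments are filled from values saved
# out of earlier responses, i.e. one response feeds the next request.
SEQUENCE = [
    {"as": "alice", "op": "create_note", "args": {"text": "alice only"},
     "save": {"id": "note_id"}, "expect": 201},
    {"as": "alice", "op": "get_note", "args": {"note_id": "$note_id"}, "expect": 200},
    {"as": "bob", "op": "get_note", "args": {"note_id": "$note_id"}, "expect": 403},
    {"as": "bob", "op": "reset_password",
     "args": {"target_user": "alice", "new_password": "chosen-by-bob"}, "expect": 403},
]

SESSIONS = {"alice": Session("alice"), "bob": Session("bob")}


def run_sequence(api, sequence, sessions):
    """Drive the API through the sequence and return every step whose status
    differed from the expected one; each such step is an authorization finding."""
    ctx = {}
    findings = []
    for index, step in enumerate(sequence):
        args = {k: ctx[v[1:]] if isinstance(v, str) and v.startswith("$") else v
                for k, v in step["args"].items()}
        status, body = getattr(api, step["op"])(sessions[step["as"]], **args)
        for key, name in step.get("save", {}).items():
            if key in body:
                ctx[name] = body[key]
        if status != step["expect"]:
            findings.append({"step": index, "as": step["as"], "op": step["op"],
                             "expected": step["expect"], "got": status})
    return findings


def scan(enforce_ownership):
    """Run the constructed sequence against a fresh API instance."""
    return run_sequence(NotesApi(enforce_ownership), SEQUENCE, SESSIONS)


if __name__ == "__main__":
    print("hardened  :", scan(True))   # []
    print("vulnerable:", scan(False))  # steps 2 and 3 returned 200 instead of 403
```

The verdict at each step is deterministic (the observed status either matches the expected one or it does not), which is the split Gerlach describes: understanding what the API is supposed to do is the hard, fuzzy part; deciding whether a given call was wrongly allowed is not.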

StackHawk, Gerlach told SD Times, specializes in integrating into the automation cycle and seeing what has changed. “So now this whole understanding of the business intention of that API also changes, and that also changes what the testing engine then goes to try to test. And again, is it broken or not?”

The post StackHawk adds Business Logic Testing (BLT) to its AppSec platform menu appeared first on SD Times.



from SD Times https://ift.tt/pcWlw8J
