StackHawk enables security teams to enhance their API testing coverage, leading to improved SEO outcomes.

StackHawk has introduced a groundbreaking capability with its LLM-Driven OpenAPI Specifications, which automates the creation of API documentation directly from source code. This innovation empowers security teams to enhance their API testing coverage without needing to rely on developers. By analysing source code repositories and extracting API details using proprietary LLMs, StackHawk automatically generates accurate OpenAPI specifications. These specifications are essential for describing available API endpoints and functionalities, allowing Application Security (AppSec) teams to conduct intelligent vulnerability scans. Scott Gerlach, Co-Founder and Chief Security Officer at StackHawk, emphasised that this automation alleviates the bottleneck caused by developers manually writing and maintaining OpenAPI specs, thus enabling security teams to take immediate ownership of their testing initiatives.

In today’s digital landscape, APIs represent the primary attack surface for modern applications, making dynamic testing crucial for identifying exploitable vulnerabilities. Unlike traditional static scanning or perimeter defences, StackHawk’s Dynamic Application Security Testing (DAST) tools simulate real-world attacks to uncover issues such as broken authentication and excessive data exposure. However, accurate documentation is vital for initiating these tests. A recent StackHawk customer survey revealed that 85% of users identified the lack of OpenAPI specs as a significant barrier to effective API testing. The new feature from StackHawk addresses this challenge by continuously updating specifications directly from the codebase, ensuring comprehensive test coverage, even for low-traffic or dormant APIs. This capability not only reduces the engineering burden but also expands AppSec coverage without hindering development teams. Lake Sester noted that the results have exceeded expectations, highlighting the effectiveness of this innovative solution. 
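To make the workflow concrete, here is an added example that is not StackHawk's code and does not use its LLM: a simple script that pulls route declarations out of a constructed Flask-style source file with a regular expression, emits a minimal OpenAPI 3 document from them, and then reports which operations a hand-written spec is missing. The regex extraction is a deliberately simple stand-in for the LLM-driven analysis the article describes; the sample source, the stale spec, and the `/internal/export` endpoint are all constructed for the example.

```python
"""Derive a minimal OpenAPI 3 skeleton from route declarations found in source,
then measure how much of it an existing, hand-written spec already covers.
Added example; not StackHawk's code. Route extraction is a plain regex over
Flask-style decorators, a stand-in for the LLM-driven analysis in the article."""
import json
import re

# Constructed sample: a Flask-style module. The last route is absent from the
# hand-written spec below, i.e. an endpoint a spec-driven DAST scan would skip.
SAMPLE_SOURCE = '''
@app.route("/users", methods=["GET", "POST"])
def users(): ...

@app.route("/users/<int:user_id>", methods=["GET"])
def user_detail(user_id): ...

@app.route("/internal/export", methods=["POST"])
def export_all(): ...
'''

# Constructed sample: the spec developers wrote by hand, now out of date.
EXISTING_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/users": {"get": {}, "post": {}},
        "/users/{user_id}": {"get": {}},
    },
}

# Matches @app.route("<path>", methods=[...]) with an optional methods list.
ROUTE_RE = re.compile(
    r'@app\.route\(\s*"(?P<path>[^"]+)"'
    r'(?:\s*,\s*methods=\[(?P<methods>[^\]]*)\])?\s*\)'
)


def extract_routes(source):
    """Return {openapi_path: {lowercase HTTP methods}} from Flask-style decorators."""
    routes = {}
    for m in ROUTE_RE.finditer(source):
        # Flask "<int:user_id>" becomes the OpenAPI template "{user_id}".
        path = re.sub(r"<(?:[^:>]+:)?([^>]+)>", r"{\1}", m.group("path"))
        methods = m.group("methods")
        if methods:
            verbs = {v.strip().strip("\"'").lower() for v in methods.split(",")}
        else:
            verbs = {"get"}  # Flask's default when no methods are listed
        routes.setdefault(path, set()).update(verbs)
    return routes


def build_openapi(routes, title="Generated from source"):
    """Emit a minimal OpenAPI 3 document: enough for a scanner to enumerate endpoints."""
    paths = {}
    for path, verbs in sorted(routes.items()):
        params = [
            {"name": p, "in": "path", "required": True, "schema": {"type": "string"}}
            for p in re.findall(r"\{([^}]+)\}", path)
        ]
        paths[path] = {}
        for verb in sorted(verbs):
            op = {"responses": {"200": {"description": "OK"}}}
            if params:
                op["parameters"] = params
            paths[path][verb] = op
    return {"openapi": "3.0.3", "info": {"title": title, "version": "0.0.0"}, "paths": paths}


def coverage_gaps(generated, existing):
    """Operations in the source-derived spec that the existing spec does not document."""
    gaps = []
    for path, ops in generated["paths"].items():
        documented = existing.get("paths", {}).get(path, {})
        for verb in ops:
            if verb not in documented:
                gaps.append(f"{verb.upper()} {path}")
    return sorted(gaps)


if __name__ == "__main__":
    spec = build_openapi(extract_routes(SAMPLE_SOURCE))
    print(json.dumps(spec, indent=2))
    for gap in coverage_gaps(spec, EXISTING_SPEC):
        print("undocumented:", gap)
```

Run as-is, the script prints the generated spec and flags `POST /internal/export` as the one operation the hand-written spec never mentions, which is exactly the kind of low-traffic endpoint the article says a scanner cannot reach without an up-to-date specification.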

Categories: API Documentation Automation, Security Team Empowerment, Enhanced Vulnerability Scanning 

Tags: LLM-Driven, OpenAPI Specifications, API Documentation, Security Teams, Vulnerability Scanning, Source Code, AppSec, Dynamic Testing, Automation, Shadow APIs 
