Introducing GitHub Insights, Latest Solution to Combat Growing Threat to APIs

By Scott Gerlach, CSO – StackHawk

The accelerated demand for software applications and application programming interfaces (APIs) across industries has caused organizations’ attack surfaces to become larger than ever before. Most modern organizations continue to struggle with sustaining adequate visibility over their key software components. It’s no secret that the constant influx of new APIs, combined with the responsibility of maintaining security coverage for existing ones, is straining AppSec teams and leaving APIs susceptible to potential risks. In fact, a recent Salt Security study found that 4,845 attackers targeted APIs in December 2022 alone, resulting in a 400% increase compared to earlier in the same year, and 94% of respondents had experienced some security issue with their production APIs. These alarming numbers are likely because a mere 12% of respondents deploy ‘advanced API security strategies’ and 30% admitted that they lack an API security strategy of any level. To address these common and emerging pain points in the industry Stackhawk, an API security testing company, recently introduced GitHub Insights to offer developers and security teams modernized API security with enhanced visibility and full control of an organization’s attack surface.

GitHub Insights – Here’s How it Works

GitHub Insights is StackHawk’s latest feature that offers security teams continuous discovery and visibility into their organization’s threat landscape, allowing them to identify gaps in coverage, align security testing with the rapid pace of software development, and work more closely with the engineers writing the code.  By seamlessly integrating with GitHub repositories, this new feature eliminates blind spots and fosters efficient collaboration between security and engineering teams. Instead of manually tracking and testing hundreds or thousands of APIs, GitHub Insights provides software developers with visibility into their API threats from every possible angle, allowing companies to be hyper-aware of vulnerabilities and bugs before they disrupt business operation and product development timelines, a critical asset with teams launching and retiring APIs and software applications daily. With GitHub Insights, users will be able to efficiently coordinate security testing and new software development, identify gaps and blind spots in API coverage, allow security teams to work more effectively and collaboratively with software engineers, and maximize productivity by coordinating security testing in the early stages of software development.

How GitHub Insights Addresses API Security Pain Points

Since it’s nearly impossible for organizations to protect themselves from threats they can’t see, StackHawk’s GitHub Insights provides heightened visibility so that teams can coordinate the implementation of effective security measures when new APIs are added or old ones are retired, and allow teams to observe if any current security measures need to be altered. This visibility gives teams the upper hand in catching deficiencies – a game changer in today’s world with the rapid development of new API routes.

Here’s how StackHawk’s GitHub Insights addresses these common pain points:

• Code-based API discovery: Traditional discovery tools have to rely on web traffic to identify API routes; however, with StackHawk’s GitHub Insights, organizations can discover APIs at the source code level. This feature enables teams to assess their complete API catalog prior to production release.
• Continuous visibility: Stackhawk’s GitHub Insights examines the API layer, links its discoveries to the source code, and offers thorough insights regarding the ongoing development, contributors, and testing frequency. This helps ensure that security measures keep pace with fast software development, granting organizations complete visibility into their attack surfaces and API security posture.
• Bridging the gap between developers and security experts: Stackhawk’s GitHub Insights fosters collaboration between security and developer teams by establishing connections between testable APIs and their associated codebases and teams. As a result, security teams can quickly identify and assign accountability for resolving issues as they occur and identifying suitable collaborators for testing new APIs.

Looking Ahead with GitHub Insights?

The recent rise in API adoption has expanded organizations’ attack surfaces, creating holes and blind spots in software development processes and leaving businesses vulnerable to API-focused attacks. Ineffective collaboration around API development, testing and maintenance has put organizations at risk, as many struggle to keep pace with proper security testing to match their rapidly increasing APIs, resulting in the potential for data breaches and malicious access to sensitive information. StackHawk’s launch of GitHub Insights not only helps proactively safeguard against API-related threats and vulnerabilities by giving organizations a holistic view into their entire attack surface but also creates a stronger dynamic within developer and security teams for a more cohesive and effective API security strategy.

About the Author

Scott Gerlach is the CSO at StackHawk. Scott has more than 20 years of experience in information security. Scott is a passionate Security Officer with expertise in identifying security gaps and working with companies to develop safe and effective policies and procedures to mitigate those risks. His expertise spans developing, implementing, and managing IT security strategy and policy, risk management, intrusion detection, vulnerability assessment, network security design, application security and incident response. Prior to founding StackHawk, he was CSO at Twilio. He also spent nearly a decade in security at GoDaddy. To learn more about StackHawk please visit: www.stackhawk.com