Changelog
Tracking updates to the StackHawk platform and HawkScan since 2019
June 29, 2020
HawkScan (0.7.2)
Header Replacer Support
Enables manipulation of request headers to better support apps running behind a proxy
GraphQL Config Section
Support for tuning the GraphQL introspection process
Rate Limiting Controls
Provides more control over the aggressiveness of the scanning capability
Kotlin Scripting Support
ZAP open source contribution for Kotlin support
Passthrough Config Support for ZAP
Supports advanced ZAP configuration via StackHawk YAML
GraphQL Introspection
More support for enumeration types and improvements to the test query builder
Flexible logging control for ZAP
Adds support for debug logging
Transparent localhost proxy instead of URL rewriting
Better support for scanning localhost networking scenarios and reverse proxies
June 19, 2020
StackHawk Platform
Paths tab
Assess completeness of scans by reviewing all paths scanned by HawkScan
Integrations
New links to Concourse CI and GitHub Actions HawkDocs
Findings Management
Bulk controls UI improvements, findings table UI improvements, and findings are sorted alphabetically
Findings Management Alert Rules
Alert rules are now specific to request method
Scans Table
Pagination controls are accessible at the top of the Scans table
This Announcement Panel!
See specific changes for HawkScan and StackHawk platform
Applications Page Results
See up to 100 applications on Applications page
Invite users popup UX fixes
URI Truncation
URI truncation in many places throughout the application for readability
Validate Findings
curl command generated with double quotes around request body
June 6, 2020
HawkScan (0.6.14)
Terminal Output
Scan progress is now printed to the terminal output
GraphQL Querying Improvements
June 5, 2020
StackHawk Platform
StackHawk Authentication
Log in using any email via StackHawk authentication, or OAuth via Google and GitHub
Findings Management
Take action from the Findings Management right panel for triaging your application’s security vulnerabilities
App Creation Wizard
Add missing escape characters to downloaded StackHawk.yml from App Creation Wizard
May 29, 2020
StackHawk Platform
This Announcement Panel!
Announcement panel is a source for release notes, social links, docs and submitting feedback
Findings Management
Users may now triage scan findings by marking them as Assigned, Risk Accepted or False Positive
Scans List Table
As part of Findings Management, the scan list will now reflect new findings (not yet triaged) and a count of triaged findings
Browser Support and Logout Notification
Users on unsupported browsers will see a new informational page, and users logged out due to inactivity will be notified via toast notification
Faster Performance for Scan Findings Display
May 14, 2020
HawkScan (0.6.6)
Support for GraphQL Union and Interface Types
Support OpenAPI and GraphQL API Scanning with the same Config and App
HawkScan now supports configuration for customers that utilize both OpenAPI spec and GraphQL API scanning
GitLab DAST Report Updates
Customers utilizing the StackHawk integration with GitLab will now see findings updated in their report dashboard.
May 8, 2020
StackHawk Platform
Curl Attack Regenerator
Users may quickly validate a finding by clicking the “Recreate” button. This generates a curl command that a user may paste into their terminal in debug mode and quickly recreate an attack
Improvements to the Getting-Started Page Navigation
Scan List Pagination
Improvements to Mobile Styling
May 8, 2020
HawkScan (0.6.4)
GitLab CI/CD Service Templates
May 4, 2020
StackHawk Platform
Advanced Slack Integration Configuration
You may now configure updates from specific applications to be sent to specific channels in Slack, ensuring that your teams are only getting updates about the applications relevant to their workflow