Penetration test

Auto Added by WPeMatico

StackHawk, the Denver-based bug-detecting service, hires developer of open-source project Zed Attack Proxy

StackHawk, the Denver-based software startup offering service to detect and fix security bugs, is doubling down on its support for the popular open-source OWASP Zed Attack Proxy web app security scanner by bringing on board its founder, Simon Bennetts.

At StackHawk, Bennetts will continue to focus on the development of the open-source project, which the company said is among the world’s most frequently used security scanning tools.

StackHawk already uses the open-source project for its underlying scanning technology and has built a business by layering on security test automation, integrations with development tools and functionality for new development paradigms. 

“Since founding ZAP, the vision has always been to deliver application security to developers,” Bennetts said, in a statement. “While the project has been widely adopted by security teams and pen testers, I’m excited to work with a team dedicated to delivering our original vision of AppSec for devs and that also believes in growing the open source community.” 

StackHawk founders Joni Klippert, Scott Gerlach and Ryan Severns and Bennetts found common cause in their belief that bug-editing tools are too often built for external enterprise security teams instead of the developers who are closest to the apps they’re building.

“Simon’s work on the ZAP project has both changed the security and open-source worlds for the better. It became clear that we were highly aligned in our mission to bring application security into the hands of developers,” said Klippert, the chief executive and founder of StackHawk, in a statement. “Simon joining the StackHawk team provides an exciting opportunity to invest more in the ZAP open source project, while also building capabilities that make it easy for enterprise development teams to streamline AppSec into their CI/CD pipelines.” 

In the eleven years since Bennetts first began working on ZAP, the OWASP Foundation-incorporated security scanner has become popular among the developer community for its dynamic application security testing.

After the hire, StackHawk said that nothing much will change. Bennetts will continue to work on the open-source project while the company will continue to build functionality around the scanner.

The Denver-based company has raised nearly $5 million in financing from investors including Flybridge, Costanoa Ventures, Matchstick Ventures and Foundry Group .

Powered by WPeMatico

For pen testing firm IOActive, security is cultural not transactional

IOActive may not be a household name but you almost certainly know its work.

The Seattle-headquartered company has been behind some of the most breathtaking hacks in the past decade. Its researchers have broken into in-flight airplanes from the ground and reverse engineered an ATM to spit out gobs of cash. One of the company’s most revered hackers discovered a way to remotely shock a pacemaker out of rhythm. And remember that now-infamous hack that remotely killed the engine of a Jeep? That was IOActive, too.

If it’s connected, they will bet that they can hack it.

IOActive has made a name for itself with its publicly reported findings, but its bread and butter is helping its corporate customers better understand how they approach security.

Since its founding more than two decades ago, the penetration testing and ethical hacking company now serves customers mostly in the Global 1000 largest companies to help assess and test their security posture.

“You can have the absolute most sophisticated alarm in the entire world, and I guarantee our team can break in,” said Jennifer Steffens, IOActive’s chief executive, in a call with TechCrunch. “But if you left your front door unlocked lock, hackers are going to walk right through”

“Don’t pay us to show you how to break into the alarm before someone learns how to lock the door,” she said.

Powered by WPeMatico