Twitter: @webpwnized
StackHawk uses OWASP ZAP (Zed Attack Proxy) under the hood to scan web applications for vulnerabilities. The scanner crawls the web app with a spider and builds a list of its pages, functionality, links, and forms. It then identifies vulnerabilities in each of these resources and sends the results to the StackHawk dashboard. StackHawk allows easy integration into CI/CD pipelines. Developers can use OWASP ZAP on its own for a completely free solution, but some development teams will find StackHawk worth the cost because of its integration with the DevSecOps pipeline.