Product

BLOG

How Does StackHawk Work?

StackHawk helps teams ship secure software faster and eliminate disruptive fix processes.

Our Product

Explore Stackhawk

Explore Stackhawk

Purpose-built for todays modern engineering teams

Watch a Demo

Watch a Demo

See StackHawk in flight

Getting Started

Getting Started

Gain AppSec insights from expert articles and fix guides

Solutions

API Discovery

API Discovery

Find every API in your attack surface in 15 minutes. Quickly bring them under test with automated prioritization for the most critical APIs and gain complete oversight of your attack surface.

Solutions

API Discovery

Discover every API in your attack surface

Oversight

Centralized API & Application Security Management

Modern DAST

Automate application and API security testing in CI/CD workflows

Getting Started With AppSec

Test early, test often, and deliver secure applications

DevSecOps

Application security at the speed of DevOps

API Security Testing

Ship secure APIs with automated testing in CI/CD

Developer-First AppSec

Scale application security through engineering

OWASP Top 10

Testing for OWASP top 10, automated in CI/CD

GraphQL Security Testing

Check for GraphQL vulnerabilities on every pull request

gRPC Security Testing

Keep your gRPC services secure with automated security testing

Integrations Caret Down

Integrate with your existing tools and workflows

Purpose-built to integrate with the third-party tools, workflows, and processes in your developer environment.

Integrations

GitHub

GitHub

Integrate security testing in developer workflows Right Arrow Icon

Snyk

Snyk

Correlate Dynamic DAST and SAST Results Right Arrow Icon

AWS

AWS

Integrate into your AWS Environment Right Arrow Icon

Atlassian

Atlassian

StackHawk data can be viewed in the new Security tab in Jira Right Arrow Icon

Microsoft

Microsoft

Integrate security testing in your Microsoft ecosystem Right Arrow Icon

Customers

Our Hawksome Customers

"With StackHawk, our scanning timeframes have decreased from days and hours to minutes."

Explore Featured Stories

Change.org

Change.org Brings in Dev-First Security Solutions to Improve Security Posture Right Arrow Icon

One Medical

One Medical Automates Application Security Testing with StackHawk Right Arrow Icon

Planetly

Planetly Selects StackHawk Over Building Internal Service Right Arrow Icon

Breathe Life

Breathe Life Deploys StackHawk and Snyk for a Dev-Centric Application Security Program Right Arrow Icon

Docs

StackHawk + GitHub

StackHawk + GitHub

Begin your StackHawk journey to safer, faster, and more secure software.

Hawkdocs

Getting Started

Getting Started

Learn how to start scanning your application or API

StackHawk API

StackHawk API

Explore the StackHawk API and start integrating today

Integrations

Integrations

Integrate with the most popular developer tools

StackHawk Platform

StackHawk Platform

Identify, investigate, and triage security bugs in one place

Authentication

Authentication

Effectively scan authenticated routes and API endpoints in your application

Resources

BLOG

Dynamic Application Security Testing: Overview and Tooling

DAST is a form of testing running applications & APIs to find security bugs.

Resources

Maturity Model

Maturity Model

The Shift-Left Maturity Model

Watch a Demo

Watch a Demo

See StackHawk in flight

Blog

Blog

Gain AppSec insights from expert articles and fix guides

Getting Started

Getting Started

Get up and running with StackHawk CLI and HawkScan in minutes

Press Room

Press Room

Catch up on the latest news in the Nest

About

About

Kaakaww!! Meet the our Hawksome team and check out our job board

StackHawk Onboarding #2:
Authenticated Scanning

ryan-severns

ryan-severns

Ryan Severns|September 2, 2020

Our onboarding guide walking you through how to get started with application security testing with StackHawk.

Getting Started with StackHawk

To help you get started, we have written this onboarding guide with all the tips and tricks about getting up and running with StackHawk. This post covers how to set up authenticated scanning, and will link to the next steps.

onboarding-2-authenticated-scanning-img-1 image

onboarding-2-authenticated-scanning-img-1 image

Authenticated Scanning

Now that you’ve sorted out the basic configuration, it’s time to configure authenticated scanning.

For many web applications, your most important information from a security perspective will live behind a login screen. StackHawk supports the following types of automated authentication for security testing:

Username/Password Authentication + Cookie Authorization
Username/Password Authentication + Bearer Token Authorization
External Token Authentication + Custom Token Authorization

Our documentation has all of the details, including examples, of how to build out your authenticated scans.

Next Up: how to triage and fix the findings from your scan.

As always, we are here to help at support@stackhawk.com.

Ryan Severns | September 2, 2020

Read More

Add AppSec to Your CircleCI Pipeline With the StackHawk Orb

Add AppSec to Your CircleCI Pipeline With the StackHawk Orb

Add AppSec to Your CircleCI Pipeline With the StackHawk Orb

Application Security is Broken. Here is How We Intend to Fix It.

Application Security is Broken. Here is How We Intend to Fix It.

Application Security is Broken. Here is How We Intend to Fix It.

Using StackHawk in GitLab Know Before You Go (Live)

Using StackHawk in GitLab Know Before You Go (Live)

Using StackHawk in GitLab Know Before You Go (Live)