

BLOG

How Does StackHawk Work?

StackHawk helps teams ship secure software faster and eliminate disruptive fix processes.

Read Now

Our Product

Explore StackHawk

Purporse-built for todays modern engineering teams

Watch a Demo

See StackHawk in flight

Getting Started

Gain AppSec insights from expert articles and fix guides

Solutions

API Discovery

Find every API in your attack surface in 15 minutes. Quickly bring them under test with automated prioritization for the most critical APIs and gain complete oversight of your attack surface.

Get Started for Free

Solutions

API Discovery

Discover every API in your attack surface

Oversight

Centralized API & Application Security Management

Modern DAST

Automate application and API security testing in CI/CD workflows

Getting Started With AppSec

Test early, test often, and deliver secure applications

StackHawk for HealthTech

Secure HIPPA Data and Maintain Trust with StackHawk

StackHawk for Financial Services

Move Beyond GLBA and SOX Checkboxes

DevSecOps

Application security at the speed of DevOps

API Security Testing

Ship secure APIs with automated testing in CI/CD

Developer-First AppSec

Scale application security through engineering

OWASP Top 10

Testing for OWASP top 10, automated in CI/CD

GraphQL Security Testing

Check for GraphQL vulnerabilities on every pull request

gRPC Security Testing

Keep your gRPC services secure with automated security testing

Integrations

Integrate with your existing tools and workflows

Purpose-built to integrate with the third-party tools, workflows, and processes in your developer environment.

See All Integrations

Integrations

GitHub

Integrate security testing in developer workflows

Snyk

Correlate Dynamic DAST and SAST Results

AWS

Integrate into your AWS Environment

Atlassian

StackHawk data can be viewed in the new Security tab in Jira

Microsoft

Integrate security testing in your Microsoft ecosystem

Customers

Our Hawksome Customers

"With StackHawk, our scanning timeframes have decreased from days and hours to minutes."

Change.org Brings in Dev-First Security Solutions to Improve Security Posture

Health Tech

Health Tech Leader Automates Application Security Testing with StackHawk

Financial Services

FinTech leader secures Fortune 100 customer data with StackHawk's shift-left API security

Industrial Automation

Leader in Industrial Automation ditches Legacy DAST for Modern API Security Testing

Docs

StackHawk + GitHub

Begin your StackHawk journey to safer, faster, and more secure software.

Start The Tutorial

Hawkdocs

Getting Started

Learn how to start scanning your application or API

StackHawk API

Explore the StackHawk API and start integrating today

Integrations

Integrate with the most popular developer tools

StackHawk Platform

Identify, investigate, and triage security bugs in one place

Authentication

Effectively scan authenticated routes and API endpoints in your application

BLOG

Dynamic Application Security Testing: Overview and Tooling

DAST is a form of testing running applications & APIs to find security bugs.

Read Now

Resources

Maturity Model

The Shift-Left Maturity Model

Watch a Demo

See StackHawk in flight

Blog

Gain AppSec insights from expert articles and fix guides

Getting Started

Get up and running with StackHawk CLI and HawkScan in minutes

About

Kaakaww!! Meet our Hawksome team and check out our job board

All Resources

Discover a variety of resources, from ebooks to webinars.

Get A Demo

Monthly Newsletters

September Newsletter: Custom Authentication Scripts, StackHawk + Semgrep Webinar, and More!

Rebecca Warren | Sep 30, 2021

The Changelog: New Features to Kaakaww About

Authentication Support Level Up ⬆️

We know that getting authentication configured correctly can be tricky. And, we know that no two authentication scenarios are the same.

That’s why we have introduced custom authentication scripts.

Whether you need to customize your auth for scanning APIs, running in test environments, or supporting token timeouts, you can now customize the StackHawk YAML to support your specific auth scenario.

Read the Docs

Starting in 60 Minutes!

Tune in at 10 AM PT today as Clint Gibler, Head of Security Research at r2c, and Scott Gerlach, Chief Security Officer at StackHawk, dive into what’s new with application security tooling.

They will talk about the trends impacting security right now and give a live demo showing how to run StackHawk and Semgrep in CI/CD.

Save Your Spot

API-Driven App Adds Now In Beta

Modern software delivery teams want to leverage automation to make application security testing as efficient as possible, especially if they have a large number of apps or microservices that require testing.

That’s why we are exposing the StackHawk API so teams can add applications to StackHawk without ever entering the Web UI.

We are putting the polish on this feature and are looking for beta testers. If your team has tons of apps or microservices you are looking to test, register to be part of our public beta!

Other Happenings

📺Hawk Talks

[Podcast] Web Security w/ Scott Gerlach on Web Perspectives
[From the Archives] ZAP Deep Dive: The Sites Tree
[From the Archives] ZAP Deep Dive: Report Generation

📖 Reading Material

NodeJS Command Injection: Examples and Prevention
Golang Content Security Policy Guide: What It Is and How to Enable It
[From the Archives] Application Security Observability
[From the Archives] How Security-Based Development Should Work

📽 Virtual Events

October 5-7: DevOps Enterprise Summit
October 5-7: SnykCon
October 12: CTO Summit – Improving AppSec
October 13-15: KubeCon + CloudNativeCon
October 20-21: Vue.js
October 22 & 25: React Advanced London
October 26-28: API World

💼Jobs @ StackHawk

Test Automation Engineer
Solutions Architect
Developer Advocate
Head of Marketing

❤️ Give Us Some Love

Share the goodness of developer-centric application security. We are always grateful for recommendations and referrals! We’d love for you to share StackHawk with your friends and colleagues, or leave us a review on g2 .

July Newsletter 2022: GitHub CodeQL Integration, G2 Awards, and more!

Jul 29, 2022 | Monthly Newsletters

The hottest news in the hawk’s nest includingGitHub CodeQL Integration, G2 Awards, and more!

June Newsletter 2022: New additions to third-party auth, deeper REST scanning, and more!

Jun 30, 2022 | Monthly Newsletters

The hottest news in the hawk’s nest including new additions to third-party auth, deeper REST scanning, and more!

May Newsletter: API Access to Scan Data, Seed Paths, and More!

May 31, 2022 | Monthly Newsletters

The hottest news in the hawk’s nest including API Access to Scan Data, Seed Paths, and More!

Security Testing for the Modern Dev Team

See how StackHawk makes web application and API security part of software delivery.

Watch a Demo

StackHawk provides DAST & API Security Testing

Get Omdia analyst’s point-of-view on StackHawk for DAST.

"*" indicates required fields

BLOG

How Does StackHawk Work?

Our Product

Explore StackHawk

Watch a Demo

Getting Started

API Discovery

Solutions

API Discovery

Oversight

Modern DAST

Getting Started With AppSec

StackHawk for HealthTech

StackHawk for Financial Services

DevSecOps

API Security Testing

Developer-First AppSec

OWASP Top 10

GraphQL Security Testing

gRPC Security Testing

Integrate with your existing tools and workflows

Integrations

GitHub

Snyk

AWS

Atlassian

Microsoft

Our Hawksome Customers

Explore Featured Stories

Health Tech

Financial Services

Industrial Automation

StackHawk + GitHub

Hawkdocs

Getting Started

StackHawk API

Integrations

StackHawk Platform

Authentication

BLOG

Dynamic Application Security Testing: Overview and Tooling

Resources

Maturity Model

Watch a Demo

Blog

Getting Started

About

All Resources

Get A Demo

BLOG

How Does StackHawk Work?

Our Product

Explore StackHawk

Watch a Demo

Getting Started

API Discovery

Solutions

API Discovery

Oversight

Modern DAST

Getting Started With AppSec

StackHawk for HealthTech

StackHawk for Financial Services

DevSecOps

API Security Testing

Developer-First AppSec

OWASP Top 10

GraphQL Security Testing

gRPC Security Testing

Integrate with your existing tools and workflows

Integrations

GitHub

Snyk

AWS

Atlassian

Microsoft

Our Hawksome Customers

Explore Featured Stories

Health Tech

Financial Services