StackHawk

StackHawk’s mission is to empower developers to find and fix security bugs in their code by integrating security testing into the software development lifecycle. The company aims to shift security left, making it a proactive part of the development process rather than a reactive measure. StackHawk’s goal is to be a leading provider of automated security testing solutions for modern development teams, enabling them to build secure applications from the start.

StackHawk is recognized for its developer-friendly approach to application and API security. The company has built a reputation for providing tools that are easy to integrate into existing CI/CD pipelines, allowing for rapid identification and remediation of security vulnerabilities without slowing down development. Customer feedback frequently highlights the platform’s ease of use, the quality of its documentation, and the effectiveness of its support team.

Offerings, Capabilities, and Integrations

StackHawk is a software-as-a-service (SaaS) company that provides a platform for application and API security testing. Its core focus is on “shifting security left,” which means integrating security testing early in the software development lifecycle (SDLC). This developer-first approach empowers engineers to find, triage, and fix security vulnerabilities in their code before it reaches production. StackHawk’s platform is built for automation within CI/CD pipelines, allowing for continuous security testing that runs alongside traditional software testing workflows. This integration with developer tools and workflows is a key competitive edge, as it makes security a seamless part of the development process rather than a separate, time-consuming step. The company offers integrations with a variety of third-party tools, including GitHub, Snyk, AWS, Microsoft Azure, and Atlassian Jira, to enhance its capabilities and fit into existing development ecosystems.

Products and Services

StackHawk’s offerings are centered around Dynamic Application Security Testing (DAST) and API security testing. Its products are designed to work together to provide a comprehensive view of an application’s security posture.

  • Modern DAST: StackHawk’s flagship product is its modern DAST tool, which automates application and API security testing in CI/CD workflows. It is designed to be fast and efficient, allowing developers to run scans on every pull request without slowing down development. The scanner, known as HawkScan, uses a YAML file for configuration and can be run as a Docker image.
  • API Security Testing: The platform provides specialized testing for various API types, including REST, GraphQL, SOAP, and gRPC. It helps developers ship secure APIs by automating vulnerability testing in the CI/CD pipeline.
  • API Discovery: This service analyzes an organization’s source code repositories to discover the complete API landscape, including “shadow” APIs that may not be officially documented. This ensures that all potential attack surfaces are identified and can be brought under test.
  • Oversight: This feature provides security teams with a centralized view of their API security program. It offers insights into the security posture of applications and APIs being developed, enabling better governance and risk management.
  • Sensitive Data Identification: StackHawk can identify and prioritize APIs that handle sensitive data such as Personally Identifiable Information (PII), Payment Card Industry (PCI) data, and Protected Health Information (PHI).

Target Customers

StackHawk’s products and services are designed for a wide range of businesses, from startups and SMBs to large enterprises. The primary users are software developers and engineering teams who are responsible for building and securing applications. The platform is also valuable for Application Security (AppSec) and security teams who need visibility and governance over the security of the applications being developed. StackHawk targets modern engineering teams that have adopted DevOps practices and deploy software frequently. The company has customers across various industries, including financial services, health tech, and industrial automation. These customers benefit from StackHawk’s ability to reduce the risk of security breaches by finding and fixing vulnerabilities early, maintaining compliance with security standards, and improving the overall security posture of their applications without sacrificing development speed.

Cloud Integrations and Marketplaces

StackHawk offers several cloud integrations and is available on major cloud marketplaces, enabling customers to incorporate its application and API security testing into their existing cloud environments and procurement workflows.

  • Microsoft Azure: StackHawk integrates with the Microsoft ecosystem, allowing for the automation of security testing within Azure DevOps pipelines. It also integrates with Microsoft Defender for Cloud, providing a unified view of API security findings. StackHawk Pro and StackHawk Enterprise are available for purchase in the Microsoft Azure Marketplace, which simplifies deployment for Azure customers.
  • Amazon Web Services (AWS): StackHawk can be deployed into AWS environments and integrates with AWS CodeBuild and AWS CodePipeline to automate security testing. This allows developers to incorporate dynamic application security testing (DAST) and API security testing into their AWS CI/CD pipelines. StackHawk Pro and StackHawk Enterprise are available on the AWS Marketplace, facilitating streamlined purchasing and deployment for organizations using AWS.
  • Google Cloud: While StackHawk has a documented parser for its data within Google Security Operations, indicating a level of data integration, a direct product listing on the Google Cloud Marketplace was not found.

Key People

The key people leading StackHawk are:

  • CEO, Co-Founder: Joni Klippert
  • CSO, Co-Founder: Scott Gerlach
  • COO: Bryce Ambraziunas
  • Chief Architect: KC Berg
  • VP of Product & Design: Aaron White
  • VP of Engineering: Dan Hopkins
  • VP of Sales: Jeff Somers
  • VP of Finance: Daryl Allen
  • VP of Success: Matt Thompson
  • Director of Strategic Partnerships: Morgan Hennessy
  • Director of Ops & Analytics: Billy Shea

Key Facts

  • Headquarters Location: Denver, CO.
  • Number of Employees: 45-59.
  • Annual Revenue: $7.4M.
  • Parent Company: None.
  • Subsidiary Companies: None.
  • Publicly Listed: No.

Analyst Recognition

Based on publicly available information, StackHawk is not featured in market evaluation reports, such as a Magic Quadrant, Forrester Wave, IDC MarketScape, or Everest Group PEAK Matrix, from the analyst groups Gartner, Forrester, IDC, or Everest Group.
