Over two years ago, we founded StackHawk to bring application security into the world of continuous delivery. After spending more than a decade building SaaS DevOps solutions that enabled rapid software delivery, it was clear that application security was the next, most important, DevOps frontier. The StackHawk approach to AppSec sought to replace periodic penetration tests and siloed security departments with automation and a shared responsibility for secure code that spanned across engineering, DevOps, and security.
And so, we created StackHawk with the mission to empower engineers to easily find and fix application security vulnerabilities quickly with a modern approach to dynamic application security testing (DAST) and API security.
But we weren’t the only ones who knew application security had to change. Our friends at Snyk shared the vision of developer-first security, and they went on to create best-in-class software composition analysis (SCA) and static analysis (SAST) tools. Snyk’s products focus on identifying vulnerabilities by looking at the underlying code, whether looking for insecure coding patterns with SAST or vulnerable open source dependencies with SCA. StackHawk tests for runtime vulnerabilities, testing running application services and APIs the same way an outside attacker would. Together, the tools provide complementary testing for a more complete security picture.
In 2021, StackHawk and Snyk began working together informally to serve customers looking for a comprehensive suite of developer-centric application security testing tools. Over and over again, we heard from customers that StackHawk’s DAST and API security capabilities, in combination with Snyk’s offerings, provided a complete set of the application security tooling today’s teams need.
After seeing significant momentum across joint customers over the past year, we are thrilled to announce that we have decided to formalize our partnership!
StackHawk + Snyk: A Complete Package of Modern Application Security Testing Tools
It is not uncommon for companies to employ a suite of security testing tools for complete coverage. According to Forrester, teams that use SAST and DAST remediate findings 24.5 days faster than the average, and teams that combine SAST and SCA scans remediate findings six days faster.
While legacy offerings in the market may share the SAST and DAST acronyms, those tools were built to be operated in production by a security team, resulting in long scan times, vulnerabilities existing in production for months, and inefficient (and unacceptable) remediation times. It takes more than a mention of “shift left” on a marketing site to make it a reality.
StackHawk and Snyk are changing that with products that developers love and security teams trust. Here is what customers love about using StackHawk and Snyk together:
Automated Testing in CI/CD
SCA, SAST, DAST, and API security can be automated in CI/CD, alerting developers to security issues early and catching issues before they are shipped to production. Used in combination, StackHawk and Snyk provide greater insight into the exploitability of potential vulnerabilities. When issues are found in the underlying code and are identified as exploitable with a dynamic test, they are clearly worth prioritizing.
Developer-Friendly Functionality
Developers are equipped with the information and tools they need to fix vulnerabilities quickly and get back to feature development. Historically, security issues have been identified by a siloed security team long after engineering wrote the code. Engineers would be tasked with fixing previously written code, derailing their planned work. StackHawk and Snyk together offer developers tooling that integrates into their workflow, letting them know when they have introduced an issue and equipping them with the tools to fix it quickly.
Testing for Modern Apps
Snyk and StackHawk were both created for modern apps. Find and fix security bugs in microservices, backing APIs, and modern languages. It is no secret that software development is evolving at a rapid pace. Unfortunately, however, the majority of security tooling on the market was built for the software architectures of more than a decade ago. With modern development languages, microservice architectures, single-page applications, and more, today’s software requires up-to-date tooling. Snyk and StackHawk together are leading the charge in their respective categories.
So What’s Next?
We are proud to have formalized our partnership with Snyk so we can continue working together to empower engineers and shift security into the hands of those who code.
In addition to our partnership, we are also thrilled to announce our new integration with Snyk that gives developers the ability to find, correlate, and fix application security issues more efficiently.