Hamburger Icon

How Security-Based
Development Should Work


Joni Klippert|April 20, 2020

This is my favorite slide from my pitch deck, used to highlight the problem that has kept security from “shifting left” into the modern development workflow. We started StackHawk to help engineers find and fix application security bugs in their code, as they write software and before deploying to production.

how-security-based-development-should-work-img-1 image

Over the past several years, tooling and processes have evolved to help businesses ship features to their customers faster. Automated QA, unit testing, and integration testing are just a few examples of capabilities that fit nicely into the CICD pipeline and allow engineers to find bugs as they write and deliver code. At StackHawk, we’re providing software engineers with this capability for security bugs. 

Security-Based Development with StackHawk

StackHawk empowers software engineers to take security into their own hands by providing software that does the following: 

  • Runs Where Engineers Work, as They Work. Engineers can run StackHawk on their local machines before pushing code into their CI workflow, and also instrument StackHawk in CI to catch bugs before code is deployed to production. 

  • Finds AppSec Bugs Continuously. Existing (DAST) AppSec scanners are built to run in production, by the security team. StackHawk was built developer-first, and can be instrumented to run on every PR/Merge, where bugs can be identified on a specific branch and fixed by engineers immediately. 

  • Promotes Security Observability. As StackHawk runs in CI it populates scan results and metadata into the platform, and integrates with workflow tools like Slack so engineers can easily see when new security bugs have been introduced. 

  • Saves Teams Money. When AppSec bugs make it into production, it’s expensive to context switch teams to old code to remediate issues. Many companies also pay bug bounties on security bugs that would otherwise be identified by StackHawk early in the development process.

  • Empowers Engineers to Own AppSec. Developers care about code quality, and this includes security. Engineers that use StackHawk fix net-new security bugs by default because they find out at the right time, in their existing workflow. It’s time companies put more trust and responsibility in the very capable hands of their engineering team when it comes to delivering secure software. 

To learn more about StackHawk and to give security-based development a try, sign up for the early access program.

Joni Klippert  |  April 20, 2020

Read More

Application Security is Broken. Here is How We Intend to Fix It.

Application Security is Broken. Here is How We Intend to Fix It.

Application Security Testing Belongs in the CI Pipeline

Application Security Testing Belongs in the CI Pipeline

Application Security Testing with HawkScan Github Action

Application Security Testing with HawkScan Github Action