How Security-Based Development Should Work

Joni Klippert
Joni Klippert
Share on twitter
Share on facebook
Share on linkedin
Share on reddit
Joni Klippert

Joni Klippert

Share on twitter
Share on facebook
Share on linkedin
Share on reddit

This is my favorite slide from my pitch deck, used to highlight the problem that has kept security from “shifting left” into the modern development workflow. We started StackHawk to help engineers find and fix application security bugs in their code, as they write software and before deploying to production.

Over the past several years, tooling and processes have evolved to help businesses ship features to their customers faster. Automated QA, unit testing, and integration testing are just a few examples of capabilities that fit nicely into the CICD pipeline and allow engineers to find bugs as they write and deliver code. At StackHawk, we’re providing software engineers with this capability for security bugs. 

Security-Based Development with StackHawk

StackHawk empowers software engineers to take security into their own hands by providing software that does the following: 

  • Runs Where Engineers Work, as They Work. Engineers can run StackHawk on their local machines before pushing code into their CI workflow, and also instrument StackHawk in CI to catch bugs before code is deployed to production. 
  • Finds AppSec Bugs Continuously. Existing (DAST) AppSec scanners are built to run in production, by the security team. StackHawk was built developer-first, and can be instrumented to run on every PR/Merge, where bugs can be identified on a specific branch and fixed by engineers immediately. 
  • Promotes Security Observability. As StackHawk runs in CI it populates scan results and metadata into the platform, and integrates with workflow tools like Slack so engineers can easily see when new security bugs have been introduced. 
  • Saves Teams Money. When AppSec bugs make it into production, it’s expensive to context switch teams to old code to remediate issues. Many companies also pay bug bounties on security bugs that would otherwise be identified by StackHawk early in the development process.
  • Empowers Engineers to Own AppSec. Developers care about code quality, and this includes security. Engineers that use StackHawk fix net-new security bugs by default because they find out at the right time, in their existing workflow. It’s time companies put more trust and responsibility in the very capable hands of their engineering team when it comes to delivering secure software. 

To learn more about StackHawk and to give security-based development a try, sign up for the early access program. 

More StackHawk
Ryan Severns
Zachary Conger
Scott Gerlach

KAAKAWW!!! [ kǝn'grats ]

The Demo Gods Approve!
We’ll reach out to you soon to schedule a 45 minute demo. Please complete this 3 minute survey so we can prepare a demo that is specific to you.

KAAKAWW!!! [ kǝn'grats ]

You're signed up for the newsletter!
We’ll keep you up to date on content and other happenings here at StackHawk.