Announcing StackHawk’s
$20.7 Million in Series B Funding
to Drive Developer-First Security

joni-klippert@2x-1-ow5g5fs0er3j9gfu6l1v9s35oyob7u8unjuhurnhq8

Joni Klippert|May 12, 2022

With this funding, we have the opportunity to ramp up investment in product development and capitalize on a market that is desperate for a better way to approach application and API security testing. 

Following up on the announcement of our partnership with Snyk in April, we are delighted to announce another big day for StackHawk. 

We have secured $20.7M in fresh capital co-led by Sapphire and Costanoa Ventures, with participation from Foundry Group and other investors and long-time believers in StackHawk. This latest financing brings StackHawk’s total funding raised to $35.3 million.

With this funding, we have the opportunity to ramp up investment in product development and capitalize on a market that is desperate for a better way to approach application and API security testing. 

Let’s Rewind

We started StackHawk nearly three years ago now when DevOps tooling and processes were beginning to mature. At that time, there was great concern about how security teams were going to keep up with the pace of software delivery. Dynamic application security testing (DAST) was a desired technology (I can’t tell you how many times I heard “if you could only automate DAST!”), yet a second class citizen that was hamstrung by its old reputation of taking multiple teams to deploy, days to run, and producing a PDF of results that just weren’t that helpful. 

I was a Vice President of Product who had experienced this pain first hand. Security issues would get dumped on my plate and marked as top priority fixes. I had to make a decision about interrupting sprints and delaying feature releases versus fixing security issues which often lacked context.

I knew the way security testing worked was fundamentally broken, and in July of 2019, we put together the team to deliver on a product and GTM motion to fix it.

An Evolving Market, Three Years Later

Now, three years later, we are in a market where security has never been more important, and organizations across industries of all types and sizes are rapidly changing how they approach security.

No longer are technical decision makers looking for security tools that can only find security issues after code has been shipped to production. Instead, the market is demanding solutions that make application and API security testing part of software development.

43% of global security decision makers are looking to implement dynamic application security testing during software development as they try to keep their most critical data safe. 

StackHawk has proven that security doesn’t have to be an “either/or'' decision with feature delivery. We bake security testing in from the start which has a massive impact on the quality of the code being shipped to production. Transforming how teams identify and fix application and API security issues is the mandatory next step in making software delivery efficient, while driving quality. 

Now is the time to accelerate product investment and extend our leadership in what the market is demanding:

  • Continuous Security Testing in CI/CD: Continuous Integration/Continuous Delivery (CI/CD) has become a mainstay in modern software development organizations. StackHawk extended this to include Continuous Security Testing baked into existing DevOps pipelines, with security issues being surfaced and fixed early in the software delivery lifecycle, just like any other bug.

  • Coverage of Modern Application Architecture: Today’s software is generally built on a microservices architecture, with the most sensitive data often accessed at the API layer. StackHawk conducts traditional web application testing like other players in the market, but has also built market leading API security testing functionality for REST, SOAP, and GraphQL APIs.

  • Correlation and Actionability: StackHawk is built for developers to own the security testing of the code they write. When issues are found, StackHawk makes it simple for a developer to fix the issue. With the recently released integration with Snyk, not only are developers equipped natively in StackHawk to debug, but they can also see correlations to Snyk Code findings to identify which line of code contains the vulnerability.

Looking Ahead

We are building StackHawk to be the de-facto choice for developers that need application and API security testing. The world of security is fundamentally changing and the market is demanding new solutions that legacy vendors simply can’t provide.

Beyond investing in product, we are laser-focused on making it much easier for developers to hit the ground running with StackHawk. From our CLI that we introduced earlier this year, to new product integrations, the developer-experience is front and center of what we will deliver moving forward.

Growing the Nest

If you want to learn more about StackHawk, our top solutions architects will be available every weekday at 9 AM PT to demo the latest features in the product and take live Q&A in an “Ask the Expert” session. Register here.

We have also completely revamped our onboarding experience to provide users with all they need to get automated security testing stood up quickly. Sign-up for a StackHawk account and get scanning.

And, if you want to work with the greatest humans imaginable, check out our jobs board and see the openings we have across our team.

This is only the beginning, and I look forward to sharing our success with all of you today and in the exciting future ahead.


Joni Klippert  |  May 12, 2022