DENVER, CO — Oct 27, 2020 — Application security startup StackHawk announced today that it has raised a $10 million in Series A funding. The pre-emptive, oversubscribed round was led by Sapphire Ventures and included return seed backers Foundry Group, Costanoa Ventures, Flybridge Capital, and Matchstick Ventures. Launched just over a year ago, StackHawk has seen significant demand as a platform that helps developers implement security testing before applications are pushed into production — a trend in the industry known as “shifting security left.”
With widespread adoption of DevOps over the past decade, companies are shipping software to production more frequently than before, with many companies pushing to production multiple times per day. The traditional models of application security testing such as quarterly penetration tests or scheduled scans of the production application have struggled to keep up with this shift, resulting in inefficiencies and increased risk exposure. Modern companies, however, are integrating application security into their DevOps practices, checking for vulnerabilities early in the software development life cycle. This approach vastly shortens the time to find and fix vulnerabilities, leading to efficient development and secure applications.
StackHawk is an application security testing platform that allows DevOps teams to instrument automated dynamic application security testing (DAST) in the CI/CD pipeline. With this approach, engineering teams can instrument automated testing with every pull request, ensuring that vulnerabilities are caught long before they hit production. And with a strong focus on features for software developers, application security can scale across the engineering organization, creating significant efficiencies in fixing security bugs.
Adrián Moreno Peña, Tech Lead at VanMoof, describes the company’s use of StackHawk, “At VanMoof we work fast and lean, in a DevOps-way of working with empowered teams using smart tools to handle their work. It was about time to find InfoSec tools that fit with our vision — high productivity tools, flexible, adaptable and created with developers in mind. Using StackHawk we can make our security improvement process transparent, actionable and easy to understand for each developer in the team, applying best practices and preventing security issues from going to production.”
The modern approach to application security also resonates with Katie Teitler, industry analyst at TAG Cyber. “Coming early into the development lifecycle is an attractive proposition, both for development lifecycles and for security teams,” said Teitler. “Since the platform is lightweight and quick to deploy through Docker, devs should feel instantly comfortable with it.”
The StackHawk founding team has leveraged their backgrounds in DevOps and security to build the product that puts application security in developer’s hands. Joni Klippert, StackHawk founder & CEO, has spent the past decade building DevOps products, most recently as the VP, Product at VictorOps (acquired by Splunk).
“Digital Transformation has allowed for automation of many tasks associated with building, delivering and operating software in production. DevOps automation enables companies to deliver business value to their customers faster than ever before,” said Klippert. “However, security practices are not keeping up with the speed of modern software delivery. StackHawk empowers software engineers to deliver secure software to their customers at the speed of DevOps.”
The focus on integrating into the modern engineering workflow and building features for developers was a leading factor for Sapphire to lead the round. “With the rise of DevOps, companies have shifted to the frequent release of software and reliance on automation. How companies approach application security should be no different,” says David Hartwig, Managing Director at Sapphire Ventures. “We believe that StackHawk has the product and the team in place, led by Founder and CEO Joni Klippert, to deliver on developer-first automated application security testing in the DevOps pipeline, and we are excited to partner with them along their journey.”
With the additional capital, StackHawk will continue product development, invest in go-to-market teams, and continue to support ZAP, the open source project that the company’s platform is built upon.
About StackHawk | StackHawk, an application security SaaS startup in Denver, CO, empowers engineers to easily find and fix application security bugs at any stage of software development. With a strong founding team that has deep experience in security and DevOps, and some of the best venture investors in the business, StackHawk is putting application security testing into the hands of engineers. Learn more and sign up for a free trial at www.stackhawk.com.
About Sapphire Ventures | Sapphire Ventures is a venture capital firm focused on helping innovative technology companies become global category leaders. Leveraging nearly two decades of experience and an extensive global executive network, Sapphire invests capital, resources and expertise to enable its portfolio companies to scale rapidly through a powerful business development, marketing and talent platform. With more than $4 billion in assets under management across its Sapphire Ventures, Sapphire Partners and Sapphire Sport investment platforms, Sapphire is positioned to elevate companies across technology sectors to the global stage. To learn more about Sapphire Ventures, please see: https://sapphireventures.com/