Hamburger Icon

Welcoming Simon Bennetts,
Founder of Zed Attack Proxy
(ZAP), to the StackHawk Team!


Joni Klippert|July 16, 2020

We are thrilled to announce that Simon Bennetts, Founder of Zed Attack Proxy (ZAP), has joined the StackHawk team. ZAP is an open source dynamic application security testing (DAST) tool that helps users find security bugs in their code; it is also the underlying scanning technology for the StackHawk product.

My co-founders and I met Simon a couple of months ago after a Tweet about how StackHawk was built on top of ZAP. In our first call, we shared how: 

StackHawk was founded to deliver a product that makes it easy for developers and DevOps teams to find and fix security bugs before they are deployed to production.

We detailed how in order to support software engineers owning appsec, we needed to deliver a product that:

  • Is simple to automate as part of the CICD pipeline

  • Gets out of developer’s way – and only draws their attention to new and valuable information

  • Integrates with existing development processes and tooling

Our focus on automation was what led us to ZAP as the foundation of our scanning technology. The project Simon founded and contributed to over the past 10 years is the best on the market for automation – which is critical to delivery of AppSec testing in CICD pipelines and the developer-first mission of StackHawk. 

ZAP + StackHawk = Product Fit

Just before hopping on our first call with Simon, my co-founder Scott tipped me off that I was probably going to want to hire Simon after meeting him. After we shared our product vision, Simon began to share his journey in founding and building ZAP. As a developer, he’d received a pentest that detailed some vulnerabilities in the code he wrote. He then looked for a tool on the market that was built to help developers find security bugs in their code, and when he didn’t find one, he decided to build one – and open source it. 

As Simon talked about the challenges he was solving for with ZAP, I wanted to jump through the Zoom call and high-five him! YES!! We are on the same mission. 

And at StackHawk we believe we will best deliver on our product by hiring a team that puts the developer experience first, with empathy for developer workflows and an appreciation for rapid software delivery.

Simon + StackHawk = Excellent Team Fit

Lastly, we are thrilled to be in a position to support the Open Source ZAP community. ZAP is the most frequently used application security scanner on the market. While several developer-first companies like GitHub and GitLab integrate with or leverage Open Source ZAP to provide security scanning to their customers, it is also widely used by the penetration testing community. 

At StackHawk we believe there is a ton of opportunity to grow the ZAP community with developer-first insights and capabilities that empower engineering teams to own application security. We are thrilled to be supporting Simon in spending the majority of his time on Open Source ZAP and facilitating growth of the overall community. 

At StackHawk we believe that commercialization of Open Source is an “all ships rise” opportunity. By providing capabilities that improve ease of use, enable rapid iteration and fast delivery of quality software, we will have many contributions to provide back to the community that continue to improve the overall project. 

StackHawk + ZAP + Simon = Community Growth

My co-founders and I warmly welcome Simon to the StackHawk Team. We are excited about the opportunity this presents for StackHawk and the customers we serve, and the overall ZAP community. We would also like to thank the ZAP core contributors that have worked with Simon to grow this project to what it is today – we are excited to get to know you better. Also, thank you to Mozilla for supporting Simon and ZAP over the last several years. 

To read more about ZAP and Simon’s journey, check out his post about joining the StackHawk team.

Joni Klippert  |  July 16, 2020

Read More

Add AppSec to Your CircleCI Pipeline With the StackHawk Orb

Add AppSec to Your CircleCI Pipeline With the StackHawk Orb

Application Security is Broken. Here is How We Intend to Fix It.

Application Security is Broken. Here is How We Intend to Fix It.

Using StackHawk in GitLab Know Before You Go (Live)

Using StackHawk in GitLab Know Before You Go (Live)