StackHawk

Customer Success Story

Change.org Brings in Dev-First Security Solutions to Improve Security Posture

By integrating StackHawk and Snyk, Change.org built a scalable, standardized approach to application security—enabling developers to identify and fix vulnerabilities early, safeguard user data, and maintain trust at global scale.

Fewer Vulnerabilities

Faster Remediation

User Protection

Use Case: Formalize their security process

Industry: Nonprofit-Owned Public Benefit Corporation

Company: Change.org

Location: San Francisco, USA

Change.org recognized the need to formalize its security processes. Prior to this, individual engineers were handling security in isolation, leading to inconsistencies in scanning and addressing vulnerabilities. The team needed a way to improve their security posture and effectively protect their platform and users at scale. This lack of standardization prompted Change.org’s security team to seek effective partners. Enter Snyk and StackHawk.

Having tools like Snyk and StackHawk that align with Change.org’s rapid development and deployment ethos is crucial for maintaining the trust of users.

Will Whittake, Principal Security Engineer

The Problem

As a software company operating primarily as a website, Change.org’s core is its code. Insecure or vulnerable code poses significant risks, especially when dealing with critical petitions and the sensitive data of millions of daily users. Addressing this challenge became a top priority for the security team.

The Solution

Change.org, hosted on AWS, integrated Snyk’s Static Application Security Testing (SAST) with StackHawk’s Dynamic Application Security Testing solution. Change.org can now seamlessly test code for security issues prior to deployment, enabling engineers to “shift left” by finding and fixing vulnerabilities before they reach production and improving operational efficiency.

The Results

Vulnerabilities have decreased, empowering the security team to swiftly identify and remediate issues. This not only protects the platform but also safeguards the millions of users who trust Change.org with their data and impactful petitions.

Choosing a Solution

The integration of Snyk and StackHawk has proven invaluable for Change.org. Previously lacking standardization in security practices, the adoption of these solutions improves the team’s security posture and gives the Change.org security team the ability to effectively protect their platform and users at scale. This transformation not only significantly reduced the number of vulnerabilities across the website and backend but also bolstered protection for Change.org’s millions of daily users. With sensitive user data and impactful petitions at stake, ensuring robust security measures is paramount.

Experience with StackHawk

Moving forward, Change.org remains committed to leveraging Snyk and StackHawk’s offerings. Actively participating in beta testing and collaborating on product enhancements, Change.org recognizes the symbiotic nature of this partnership. By contributing to the improvement of Snyk and StackHawk’s solutions, Change.org simultaneously strengthens its own security posture. Change.org views this collaboration as an extension of their capabilities, fostering a mutually beneficial relationship for all parties involved.

Now we have a formalized process for how to scan and how to remediate, and not only have we drastically cut down on the amount of vulnerabilities on our website and on the backend, we’ve been able to partner with our engineers for faster fixes, which then protects the people who use Change.org.

Mike Bogdan, Senior Manager Information Security
