CHOOSING A SOLUTION
When it came time to set up a dynamic application security testing tool, Planetly first turned to ZAP, the popular open source vulnerability scanner. As a fast-moving engineering team, they explored delivering ZAP-as-a-Service.
As the team began to scope and test the work associated with this, they recognized that building ZAP-as-a-Service would require a lot of upfront work and ongoing maintenance. That is when they discovered StackHawk. After spending a week testing ZAP, it took Planetly less than an hour to get StackHawk configured and running authenticated scans against its applications and APIs.

EXPERIENCE WITH STACKHAWK
With StackHawk, the Planetly team saw several benefits for its application security testing tool:
Trusted ZAP Scanner: ZAP is the industry standard when it comes to web application security testing.
Simple Configuration: With YAML-based configuration files, config is managed in code using existing version control systems.
Docker Deployment: With StackHawk’s container-based deployment of scans, automating application security testing is simple.
Developer Fix Features: A cURL-based recreation feature allows a developer to recreate the same request to debug the issue.
Integrations: With StackHawk’s Jira integration, findings are easily passed into Jira to create new tickets.
With StackHawk, Planetly has application security coverage for its applications and is able to distribute testing across engineering, hitting its quarterly OKR within weeks. After testing StackHawk, the team cited productivity gains as one of the biggest benefits, along with the ability to ensure secure deployments while focusing efforts on other high-value work.