Read the Docs
Get up and running in less than an hour. Build the config file and then $ docker run hawkscan to find your security bugs.
DAST Reimagined
Purpose-built for modern engineering teams.
StackHawk is the only dynamic application security testing solution that was built to bridge the trust gap between AppSec and Developers to deliver more secure software faster.
Focused on pre-production application security testing, StackHawk gives teams the ability to actively run security testing as part of their CI/CD workflows.
The StackHawk Difference
Shift Security Left with Automated DAST Scanning
Scheduled application security scans of production environments no longer cut it. DevSecOps requires DAST scanning that is automated in the CI/CD pipeline. StackHawk is purpose-built to run in the DevOps pipeline, ensuring your team has eyes on any new vulnerabilities before they hit production.
- Scale AppSec with automation and existing Developer resources
- Run in CI/CD where existing software development takes place
- Built for engineers to own the initial triage and fix of security issues
- Proactively find, triage, and fix bugs before production with automated API security testing
Reliably Test Applications and APIs
Application architecture has advanced over the past decade, requiring application security testing that is built for scanning microservices, APIs, traditional, and single-page applications. With StackHawk, you can align your DAST testing with your architecture for better performance and faster fixes.
- Exhaustively test REST, SOAP, GraphQL, and gRPC APIs
- Run scans in parallel with existing build tools for increased performance
- Utilize your existing test data to match your endpoints
- Create custom test scripts to cover specific scenarios for your application
- Safeguard applications with depth of scan and API testing as part of software testing best practices
Happy Engineers, Scaled AppSec Teams
Legacy DAST solutions focus on giving Security teams the tools to test for vulnerabilities in production, which introduces disruptions to Developer workflows and delays shipping code. With StackHawk’s modern approach to DAST, Developers can write secure software faster, and Security teams can scale at the speed of software being deployed.
- Build security testing into software best practices
- Automate application and API testing within CI/CD workflows
- Seamlessly run scans every time code is checked in
- Lean on developer expertise to scale security testing workflows
- Trust and verify for faster fixes
Built for the Modern Engineering Stack
Rolling out DevSecOps within an organization requires security tools that fit into existing engineering workflows. From scan kickoffs to finding alerts to backlog prioritization, your DAST tooling should tie in with your engineering stack. StackHawk was built for teams that deploy software every day.
- Runs anywhere, on any platform
- Language agnostic
- Manage findings in existing ticketing systems
- Automate with CI/CD pipeline integrations
- Application security testing on every PR
How Does Your DAST Stack Up?
Whether you are implementing dynamic application security testing for the first time or are evaluating against existing systems, make sure you are using modern DAST tooling.
| Feature | Legacy Vendors |  |
|---|---|---|
| DAST SCANNER | ||
| Testing Modern Applications |  | |
| HTML Scanning | | |
| Single Page Application Scanning | | |
| gRPC Scanning | | |
| REST API Scanning | | |
| GraphQL Scanning | | |
| Authenticated Scanning | | |
| Microservice Scanning | | |
| CI/CD AUTOMATION | ||
| CI/CD Automation for DevSecOps | | |
| Integrations with CI/CD Tooling | | |
| Scan Non-Publicly Available Deploys | | |
| State Management of Existing Findings | | |
| Configurable Pass / Fail Criteria for Pipeline | | |
| TESTING EXPERIENCE | ||
| Fast Triage and Fix with Developer Features | | |
| Vulnerability Overviews | | |
| Clear Vulnerability Fix Documentation | | |
| Request / Response Finding Evidence | | |
| cURL Command Reproduction Criteria | | |
| Localhost Scan Support for Changes | |
Application Security Testing You'll Enjoy Using.
Evaluating Dynamic Application Security Testing Tools?
Want to see automated security testing in action?
Ready For More?
Read the Docs
Get Started
Find and fix application security bugs before they hit production. Build your config and run your first scan in less than 15 minutes.
Request a Demo
If you are interested in seeing more of the StackHawk platform, schedule time with our team for a live custom demo.