Here's the rundown on StackHawk:
⚡ Dynamic Application Scanning: Use HawkScan for dynamic vulnerability scanning of your web apps. Think of it as continuous pen testing or security integration testing. Get started with your first scan in minutes.
🦸‍♀️ Built for Modern Dev Teams: Automate scans with Docker commands, manage configs via YAML, and add app scanning as a build stage. We're built for dev teams that care about security and quality.
🧰 Vulnerability Management: (🔜coming soon!) Document for compliance. Prioritize and manage fixes with integrations to existing ticketing tools. No more quarterly pen test PDFs - there is a better way.
StackHawk is application vulnerability scanning purpose-built for developers to use in the DevOps pipeline. The product consists of the HawkScan scanner and the StackHawk SaaS platform.
HawkScan: Test for web application vulnerabilities throughout the CI/CD pipeline. Start finding vulnerabilities in local dev, and keep testing throughout the pipeline to identify vulnerabilities as they are introduced.
StackHawk Platform: As HawkScan continuously finds web application vulnerabilities, the StackHawk platform provides an interface to communicate with stakeholders about the company's security posture, manage vulnerabilities, and promote issues for remediation in your existing ticketing tools.
StackHawk proudly leverages OWASP ZAP as the foundation for its scanner. With HawkScan, you have access to:
Route Discovery: Support for OpenAPI and framework-based route identification to improve scan efficiency.
Scan Automation: Built for DevOps teams and packaged as a Docker container, StackHawk allows you to automate your AppSec.
Improved Results: Whether you are working in the terminal or the web app (🔜coming soon!), scan results are interpretable and actionable to ensure you can quickly fix vulnerabilities and get back to building software.
The StackHawk team is hard at work adding new features and is here to provide support. If you need anything, please get in touch by emailing us at firstname.lastname@example.org.
Time to start scanning!