StackHawk Documentation StackHawk Logo HawkDocs
getting started

No results found

Try different keywords or check your spelling

Search documentation

Find guides, API references, and more

esc

Getting Started

Security testing for the way you build

StackHawk is dynamic application security testing (DAST) built for developers. Test your running applications to find real vulnerabilities before they reach production.

Start Scanning

Quick Start

Install HawkScan and run your first security scan.

Authenticated Scanning

Test protected routes behind login screens.

Scan Optimization

API specs, seed paths, tech flags, and custom policies.

API Discovery

Discover APIs

Find shadow APIs and undocumented routes across your codebase.

OAS Generation

Auto-generate OpenAPI specs from your code repositories.

Sensitive Data

Identify APIs handling PII, PCI, and PHI for prioritized testing.

AI-Powered Security

LLM Security Testing

Test for OWASP LLM Top 10: prompt injection, data disclosure, and more.

MCP Server

Run security tests in Cursor, Claude Code, or Windsurf via natural language.

Advanced Testing

Business Logic Testing

Detect authorization flaws (BOLA/BFLA) with multi-user role testing.

Custom Test Scripts

Write custom security tests in JavaScript or Kotlin.

Integrate & Automate

CI/CD Integration

GitHub Actions, GitLab CI, Jenkins, Azure Pipelines, and more.

Workflow Integrations

Connect to Jira, Slack, Microsoft Teams, and other tools.

Triage Findings

Review and track remediation in the StackHawk Platform.

Downloads

Get HawkScan for macOS, Windows, or Linux.

Configuration Reference

Complete stackhawk.yml options.

FAQ

Common questions answered.

Your privacy settings

We use first and third party cookies to ensure that we give you the best experience on our website and in our products.

Privacy Policy