StackHawk Documentation

Quick Start

Go from URL to security findings in minutes — no install required

StackHawk Cloud Deployment runs the scanner from StackHawk’s infrastructure — no Docker, YAML, or CLI setup required. Every trial account includes 10 cloud-deployed scan hours to get started.

Step 1: Create Your StackHawk Account

Sign up for a free StackHawk account. You’ll get 14 days to explore the platform and 10 hours of cloud-deployed scanning.

Step 2: Enter Your Domain

In the StackHawk platform, you’ll be prompted to enter the domain of the application you want to scan. This should be the fully qualified domain name (FQDN) where your application is accessible — for example, app.example.com.

Your application must be accessible from the public internet. If it’s behind a firewall, contact support@stackhawk.com to discuss IP whitelisting.

Step 3: Verify Domain Ownership

Before scanning, StackHawk needs to confirm you own the domain. There are two paths:

  • Automatic verification: If your signup email domain matches the application domain, verification happens automatically.
  • DNS verification: Otherwise, you’ll add a DNS TXT record to prove ownership.

For DNS verification, create a TXT record with the values shown in the StackHawk platform:

Field          Value
Name (Host)    Provided by StackHawk (e.g., _stackhawk.example.com)
Value          Unique verification token shown in the platform
TTL            3600 (or your DNS provider’s default)

Once you’ve added the DNS record, click Verify in the platform to complete verification.

DNS propagation typically completes within minutes, but can take up to 24 hours depending on your DNS provider.
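To see whether the TXT record is already visible before you click Verify, you can query public resolvers yourself. The script below is an added example, not StackHawk tooling; the record name and token arguments stand for the values shown in the platform, and the resolver list and sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the domain-verification TXT record is published.
# Usage: ./check_txt.sh <record-name> <token>   (both copied from the platform)

# Constructed sample of `dig +short TXT` output: an unrelated SPF record plus a
# token that the DNS server returned split into two quoted strings.
SAMPLE_OUTPUT='"v=spf1 -all"
"example-token-" "0123456789"'

# Normalize one line of `dig +short TXT` output. TXT data comes back as one or
# more quoted strings ("part1" "part2"); join the parts and drop the quotes.
normalize_txt() {
  printf '%s\n' "$1" | sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Read `dig +short TXT` output on stdin. Succeed only if one record equals the
# token exactly, so a prefix or a different TXT record at the same name fails.
txt_has_token() {
  while IFS= read -r txt_line || [ -n "$txt_line" ]; do
    [ "$(normalize_txt "$txt_line")" = "$1" ] && return 0
  done
  return 1
}

# Ask several public resolvers (assumed list) so that a resolver still serving
# a cached negative answer shows up as "not visible yet".
check_record() {
  check_rc=0
  for resolver in 1.1.1.1 8.8.8.8 9.9.9.9; do
    if dig +short TXT "$1" "@$resolver" | txt_has_token "$2"; then
      echo "$resolver: token published"
    else
      echo "$resolver: token not visible yet"
      check_rc=1
    fi
  done
  return "$check_rc"
}

# Only touch the network when a record name and token are supplied.
if [ "$#" -eq 2 ]; then
  check_record "$1" "$2"
fi
```

A non-zero exit status means at least one resolver does not return the token yet; wait for propagation and run it again.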

Step 4: Configure Your First Scan

After verification, StackHawk automatically profiles your domain and generates a scan configuration. Review the configuration in the platform and customize it for your application:

  • Domain: Confirm or update the target domain for your scan
  • Authentication: Add authentication such as basic auth, third-party OAuth providers, and more
  • OpenAPI Spec: Upload an OpenAPI specification to improve scan coverage across your API endpoints

Configuration is managed in the StackHawk UI. For fine-grained control, click Advanced Mode to edit the underlying YAML directly.

Step 5: Run Your First Scan

Click Run Scan to start. StackHawk provisions the scanner in the cloud and begins scanning your application. Cloud-deployed scans use a production-safe scan policy by default, so the scanner won’t disrupt your running application. You can monitor scan progress in real time from the platform — no terminal or logs to watch.

Step 6: Review Results

Once your scan completes, findings will appear in the StackHawk platform. Select any finding to see its full details, including:

  • Severity: Rated as High, Medium, or Low
  • Description: What the vulnerability is and why it matters
  • Evidence: The specific request and response that triggered the finding
  • Remediation guidance: How to fix the issue

View your results at any time from the Scans page in the StackHawk platform.

What’s Next?
