StackHawk
DAST and API security testing for the entire engineering team.
Founded
2019
HQ
Denver, Colorado
Based on
Open-source ZAP scanner
About StackHawk
StackHawk provides a platform for developers to easily run dynamic application and API security testing (DAST) in CI/CD pipelines. By shifting security testing left, it enables engineering teams to identify and remediate security bugs before they reach production. The tool integrates with popular CI/CD platforms, supports modern authentication methods like OAuth 2.0, and provides detailed scan results with cURL commands for easy replication of findings. StackHawk is built on the well-known ZAP scanner and is designed to make application security a shared responsibility between developers and security teams, rather than a bottleneck.
Core Features
DAST
Dynamic Application Security Testing for web apps.
API Security Testing
Scans REST, GraphQL, and SOAP APIs.
CI/CD Integration
Integrates directly into pipelines (e.g., GitHub Actions, Jenkins, GitLab).
Developer-First Tooling
Provides actionable results and cURL commands to reproduce findings.
Authenticated Scanning
Supports scanning behind a login with various authentication methods.
Pricing Tiers
Free
Includes 1 application, unlimited scans, and integrations.
Pro
Adds features like API testing, more applications, and advanced support.
Enterprise
Custom pricing for advanced features like on-premises deployment and unlimited applications.