StackHawk (@stackhawk.bsky.social)
StackHawk makes it simple for developers to find, triage, and fix application security bugs. AppSec Closer to the Keyboard than Ever Before.
BFLA isn't about accessing someone else's data.

It's about performing actions your role shouldn't allow.

Your API checks authentication ✅
But forgets authorization ❌

Regular users executing DELETE requests. #5 on OWASP.
www.stackhawk.com/blog/underst...
February 6, 2026 at 5:48 PM
90% test coverage of 60% of your attack surface isn't coverage. It's false confidence.

Only 30% of AppSec teams are "very confident" they know what exists in their environment.

Intelligence = context + action. Most programs have neither.

Learn more👉
www.stackhawk.com/blog/appsec-...
February 5, 2026 at 4:34 PM
StackHawk is sponsoring GuidePoint CKO in Orlando this week and is excited that GuidePoint is an inaugural partner for our new SHARP program.

Connecting with security teams about application security testing and shift-left strategies.
www.stackhawk.com/blog/introdu...
February 4, 2026 at 5:37 PM
Authentication vs Authorization.

Most developers know the difference, but BOLA vulnerabilities say otherwise.

BOLA has been the #1 API risk since 2019. Not because it's complex, but because it's easy to overlook. www.stackhawk.com/blog/underst...
January 30, 2026 at 6:14 PM
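As an added illustration that is not from StackHawk's posts or products, the authorization gap described in the BFLA and BOLA posts above, shown in a small in-memory Python handler: the vulnerable version checks only that a session exists, while the hardened version adds a function-level (role) check and an object-level (ownership) check. Roles, users and document ids are constructed sample data.

```python
from collections import namedtuple

# Constructed sample data (not from any real system): two roles and two documents.
ROLE_PERMISSIONS = {
    "user": {"read", "update"},             # regular users may never DELETE
    "admin": {"read", "update", "delete"},
}
Session = namedtuple("Session", "user_id role")      # authenticated identity + its role
Document = namedtuple("Document", "doc_id owner_id")

class AuthorizationError(Exception):
    pass

def fresh_docs():
    return {"d1": Document("d1", "alice"), "d2": Document("d2", "bob")}

def perform_vulnerable(session, action, doc_id, docs):
    """Authenticates but never authorizes: any logged-in user can delete any document."""
    if session is None:
        raise AuthorizationError("not authenticated")
    doc = docs[doc_id]
    if action == "delete":
        del docs[doc_id]
    return doc

def perform(session, action, doc_id, docs):
    """Hardened handler: authentication, then function-level, then object-level checks."""
    if session is None:
        raise AuthorizationError("not authenticated")
    # BFLA check: is this action permitted for the caller's role at all?
    # Done before the lookup so a forbidden role learns nothing about which ids exist.
    if action not in ROLE_PERMISSIONS.get(session.role, set()):
        raise AuthorizationError(f"role {session.role!r} may not {action}")
    doc = docs[doc_id]  # KeyError for unknown ids
    # BOLA check: non-admins may only act on objects they own.
    if session.role != "admin" and doc.owner_id != session.user_id:
        raise AuthorizationError(f"{session.user_id} does not own {doc_id}")
    if action == "delete":
        del docs[doc_id]
    return doc

def outcome(handler, session, action, doc_id, docs):
    """Run a handler and report 'allowed' or 'denied' so results are easy to assert on."""
    try:
        handler(session, action, doc_id, docs)
        return "allowed"
    except AuthorizationError:
        return "denied"
```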
The problem isn't that AI writes vulnerable code. 🤖

The problem: when velocity increases 5-10x, findings increase 5-10x. 50% of AppSec teams spend 40%+ of their time just triaging.

Manual processes weren't built for this. www.stackhawk.com/blog/ai-codi...
January 28, 2026 at 5:08 PM
4 business days to disclose material incidents + annual proof of risk management = you need proactive prevention.

Do you have complete attack surface visibility? Can you prove what was tested? Do you have metrics for board oversight?

Read more: stackhawk.com/blog/sec-cyb...
January 27, 2026 at 9:31 PM
AppSec programs haven't evolved to match AI-driven development. Yet.

We're sponsoring Cycode's Product Security Summit on Jan 28 to dig into what's actually working.

Register here: cycode.com/product-secu...
January 26, 2026 at 5:03 PM
🔍 Next week: API Security for the AI Era

Source-based discovery. LLM threat testing. Prevention before production.

Jan 27 | 3 PM ET

Don’t miss out! Register to save your spot → www.stackhawk.com/resources/gi...
January 23, 2026 at 5:05 PM
The 2026 AppSec reality:

87% adopted AI coding assistants, but 50% spend 40%+ of their time just triaging alerts.
73% can't confidently answer board questions about risk posture.

Learn more: stackhawk.com/blog/2026-st...

Download the guide: stackhawk.com/resources/gu...
January 22, 2026 at 5:10 PM
PCI DSS v4.0.1 is mandatory.

The shift: annual pen tests → continuous testing

StackHawk = pre-prod DAST in minutes, not hours. Runtime validation. AI-powered API discovery.

Read how we help meet the requirements 👇
www.stackhawk.com/blog/pci-dss...
January 20, 2026 at 9:28 PM
⏰ 2 weeks: API Security for the AI Era

Why GigaOm recognized StackHawk: source-based discovery finds APIs before production.

Jan 27 | 3 PM ET

Learn the Discover → Test → Govern framework.

Register → www.stackhawk.com/resources/gi...
January 16, 2026 at 4:47 PM
AI tools let devs generate complete APIs in minutes.
Traditional security tools? Still catching up weeks later.

We're demoing how StackHawk keeps pace at Liminal's AppSec in the Age of AI Demo Day.

📅 Jan 28 | Our session starts at 10:30 AM ET
liminal.co/demo-day/app...
January 15, 2026 at 5:09 PM
DAST programs don't stall because the tech fails.

They stall because teams can't prove impact.

3 questions your metrics need to answer:
Are we testing what matters?
Are we reducing risk?
Are we scaling?

Don't report scans. Report what matters.
www.stackhawk.com/blog/dast-ap...
January 14, 2026 at 3:57 PM
AI is creating attack surfaces faster than AppSec teams can track. So how do you gain visibility and control?

Join us Jan 28 at The Great Convergence—Cycode's Product Security Summit.

Sign up: cycode.com/product-secu...
January 13, 2026 at 6:40 PM
Need AppSec help for every new app? You won’t scale.

🚦 Build the paved road: templates, workflows, docs devs can use independently.

Learn how: sthwk.com/49vwP0x
January 8, 2026 at 7:01 PM
📣Just Dropped 📣

StackHawk founders Joni Klippert and Scott Gerlach are featured in @usatoday.com’s Innovation Leaders Docuseries, sharing our vision for reimagining AppSec.

Watch the full feature ➡️
stackhawk.com/resources/ac...
December 1, 2025 at 6:46 PM
Are LLM risks like prompt injection in scope for your AppSec program? Should they be?

Read to learn about the root causes of prompt injection vulnerabilities, real-world examples, and a guide to protecting your applications against them.

🔗 www.stackhawk.com/blog/owasp-l...
November 26, 2025 at 5:13 PM
Runtime testing meets ASPM. 🤜🤛

StackHawk finds exploitable vulns at runtime before code ships. Cycode adds code context, automates remediation, and validates fixes.

Together, issues are fixed in hours, not weeks, with full visibility across risk.

Read the blog:
hubs.ly/Q03VP-S70
November 25, 2025 at 3:41 PM
The @endorlabs.bsky.social + @stackhawk.bsky.social integration connects SAST + DAST for one correlated finding.

Less noise. Real context. Faster fixes.

🔗 www.stackhawk.com/blog/endor-l...
November 20, 2025 at 9:06 PM
🛡️136% increase in API security coverage. 0 manual setup.
APIs discovered and tested in under 15 minutes.

ITV scaled API security with StackHawk’s AI-powered OpenAPI Spec Generation, automating onboarding & testing across hundreds of apps.

Read how → www.stackhawk.com/customers/it...
November 19, 2025 at 4:43 PM
AI isn’t just building apps faster.
It’s building new attack surfaces.

StackHawk now finds prompt injections, leaky prompts, and LLM risks before production, all inside CI/CD.

Read the full blog to learn more: www.stackhawk.com/blog/llm-sec...
November 13, 2025 at 8:12 PM
Most DAST programs don’t fail on testing, they fail on visibility.

StackHawk’s API Discovery finds every API right from your source code so you know what to test first.

Visibility first. Security follows.

🔗 Read the full blog: www.stackhawk.com/blog/source-...
November 11, 2025 at 9:41 PM
Big thanks to everyone who joined StackHawk, Arnica, Eve Security, Prime Security, & Phoenix Security at our OWASP DC social!

It was great connecting with the AppSec community and talking all things shift-left and secure software.

#AppSec #ShiftLeft #OWASP #DevOps
November 7, 2025 at 7:09 PM
What a great night after #DayOne of #SecureWorld Seattle! 🌐

Big thanks to everyone who joined the AppSec dinner we co-hosted with @semgrep.com and EVOTEK last night.

Amazing food, even better conversations. 🥂

#SecureWorld #AppSec #DevSecOps
November 6, 2025 at 4:37 PM
Join StackHawk, Arnica, Phoenix Security, Prime Security, and EVE Security, for an exclusive post-Day 1 after party at OWASP Global AppSec DC.

🗓️ Tomorrow at 6:30 PM ET

Don't miss out, RSVP here→ luma.com/jhyynqjq

#AppSec
November 5, 2025 at 4:01 PM