Security startup StackHawk raises $10m Series A funding to put application security in the hands of developers
Application security startup StackHawk has raised a $10 million in Series A funding, pre-emptive, oversubscribed round led by Sapphire Ventures and included return seed backers Foundry Group, Costanoa Ventures, Flybridge Capital, and Matchstick Ventures. Launched just over a year ago, StackHawk has seen significant demand as a platform that helps developers implement security testing before applications are pushed into production -- a trend in the industry known as "shifting security left."
With widespread adoption of DevOps over the past decade, companies are shipping software to production more frequently than before, with many companies pushing to production multiple times per day. The traditional models of application security testing such as quarterly penetration tests or scheduled scans of the production application have struggled to keep up with this shift, resulting in inefficiencies and increased risk exposure. Modern companies, however, are integrating application security into their DevOps practices, checking for vulnerabilities early in the software development life cycle. This approach vastly shortens the time to find and fix vulnerabilities, leading to efficient development and secure applications.
StackHawk is an application security testing platform that allows DevOps teams to instrument automated dynamic application security testing (DAST) in the CI/CD pipeline. With this approach, engineering teams can instrument automated testing with every pull request, ensuring that vulnerabilities are caught long before they hit production. And with a strong focus on features for software developers, application security can scale across the engineering organization, creating significant efficiencies in fixing security bugs.
Adrián Moreno Peña, Tech Lead at VanMoof said: "At VanMoof we work fast and lean, in a DevOps-way of working with empowered teams using smart tools to handle their work. It was about time to find InfoSec tools that fit with our vision - high productivity tools, flexible, adaptable and created with developers in mind. Using StackHawk we can make our security improvement process transparent, actionable and easy to understand for each developer in the team, applying best practices and preventing security issues from going to production."
Katie Teitler, industry analyst at TAG Cyber said: "Coming early into the development lifecycle is an attractive proposition, both for development lifecycles and for security teams. Since the platform is lightweight and quick to deploy through Docker, devs should feel instantly comfortable with it."
The StackHawk founding team has leveraged their backgrounds in DevOps and security to build the product that puts application security in developer's hands. Joni Klippert, StackHawk founder & CEO, has spent the past decade building DevOps products, most recently as the VP, Product at VictorOps (acquired by Splunk).
Joni Klippert said: "Digital Transformation has allowed for automation of many tasks associated with building, delivering and operating software in production. DevOps automation enables companies to deliver business value to their customers faster than ever before. However, security practices are not keeping up with the speed of modern software delivery. StackHawk empowers software engineers to deliver secure software to their customers at the speed of DevOps."
The focus on integrating into the modern engineering workflow and building features for developers was a leading factor for Sapphire to lead the round.
David Hartwig, Managing Director at Sapphire Ventures said: "With the rise of DevOps, companies have shifted to the frequent release of software and reliance on automation. How companies approach application security should be no different. We believe that StackHawk has the product and the team in place, led by Founder and CEO Joni Klippert, to deliver on developer-first automated application security testing in the DevOps pipeline, and we are excited to partner with them along their journey."
With the additional capital, StackHawk will continue product development, invest in go-to-market teams, and continue to support ZAP, the open source project that the company's platform is built upon.