Highlights –

  • The company’s modern dynamic application security testing inspects all security aspects for running applications, services and APIs.
  • Application security testing solutions like StackHawk are a boon for firms as they provide a solution to identify and remediate issues proactively.

Application security testing provider StackHawk announced that it had raised USD 20.7 million in a Series B funding round led by Sapphire Ventures and Costanoa Ventures. Foundry Group and high-value investors also participated. With the new funding, the company has raised a total of USD 35.3 million.

Founded in 2019, StackHawk’s service aims to make application security testing part of software delivery. With the help of its platform, engineers can find and fix application security bugs quickly, no matter the stage of software development.

StackHawk’s dynamic application and API security testing runs automated security testing in CI/CD and makes security part of the developer workflow. It thus alerts the developer to proactively test code and identify quality issues based on failed unit tests or integration tests. This way, developers will be able to detect security vulnerabilities as they actively work on the code.

The company’s modern dynamic application security testing inspects all security aspects for running applications, services and APIs, covering security bugs that a team has introduced and open-source security bugs that are exploitable. StackHawk positions the solution as “built for developers, trusted by security” by shifting application security “to the left,” meaning earlier in the application development process.

What led to the investors funding this round was the fact that StackHawk offers corporations a solution to alleviate application security issues effectively so that developers do not spend time identifying issues manually when deploying on a daily or hourly basis.

Meeting the demands of the software development lifecycle

What led to the funding was developers' struggle to meet the demands of the software development lifecycle, in which they are expected to ship new releases regularly, with little time to eliminate security or performance issues.

Application security testing solutions like StackHawk are a boon for such firms as they provide a solution to identify and remediate issues proactively. They also offer a way to ensure that developers can trust that the code they ship is secure.

“Forrester reports that application and API security exploits are the most common form of an external cyberattack affecting organizations today. This is because the way organizations find and fix application and API security issues has not evolved with the way software is delivered,” said Joni Klippert, founder and CEO at StackHawk.

“Engineering teams today are delivering software changes daily. But security testing has been left siloed, with security teams testing for vulnerabilities quarterly or annually, using manual testing methods. This disconnect is what leaves organizations’ apps and APIs unprotected,” Klippert said.

StackHawk’s solution to this difficulty is simple: Arm developers with automated testing capabilities and notifications, which can help them code quickly and address coding issues whenever they’re identified.

The application security market

StackHawk’s growth is expected to continue, given that the application security market is expected to grow from USD 6.38 billion in 2020 to reach USD 15.76 billion by 2026. This growth is fueled by the fact that more and more organizations are seeking new solutions to secure the applications and code they rely on.

The organization is in tough competition with other Dynamic Application Security Testing (DAST) providers, including Veracode, which is a nine-time leader in the Gartner Magic Quadrant for Application Security Testing and provides an application security solution with a mixture of SAST, DAST, SCA and automated application analysis capabilities.

Veracode recently announced that it saw a 13% rise in revenue since last year.

Yet another competitor is WhiteHat Security, an application security platform with dynamic testing making use of Artificial Intelligence (AI) and Machine Learning, with continuous vulnerability scanning, reporting and analytics. If reports are to be believed, the firm raised a total funding of over USD 50 million.

However, Klippert says that StackHawk is the only solution on the market built for DevSecOps and CI/CD workloads. “What really sets StackHawk apart from legacy DAST vendors is the ability to run security tests in CI/CD.”