Application security startup StackHawk announced today that it has raised a $10 million in Series A funding. The pre-emptive, oversubscribed round was led by Sapphire Ventures and included return seed backers Foundry Group, Costanoa Ventures, Flybridge Capital, and Matchstick Ventures. Launched just over a year ago, StackHawk has seen significant demand as a platform that helps developers implement security testing before applications are pushed into production — a trend in the industry known as “shifting security left.”
Read More: Deloitte: The Restaurant Of The Future Arrives Ahead Of Schedule
With widespread adoption of DevOps over the past decade, companies are shipping software to production more frequently than before, with many companies pushing to production multiple times per day. The traditional models of application security testing such as quarterly penetration tests or scheduled scans of the production application have struggled to keep up with this shift, resulting in inefficiencies and increased risk exposure. Modern companies, however, are integrating application security into their DevOps practices, checking for vulnerabilities early in the software development life cycle. This approach vastly shortens the time to find and fix vulnerabilities, leading to efficient development and secure applications.
StackHawk is an application security testing platform that allows DevOps teams to instrument automated dynamic application security testing (DAST) in the CI/CD pipeline. With this approach, engineering teams can instrument automated testing with every pull request, ensuring that vulnerabilities are caught long before they hit production. And with a strong focus on features for software developers, application security can scale across the engineering organization, creating significant efficiencies in fixing security bugs.
Adrián Moreno Peña, Tech Lead at VanMoof, describes the company’s use of StackHawk, “At VanMoof we work fast and lean, in a DevOps-way of working with empowered teams using smart tools to handle their work. It was about time to find InfoSec tools that fit with our vision — high productivity tools, flexible, adaptable and created with developers in mind. Using StackHawk we can make our security improvement process transparent, actionable and easy to understand for each developer in the team, applying best practices and preventing security issues from going to production.”
Read More: Alternative Data Group (AltDG) Releases A New Version Of Its Entity Mapper Ticker Tagging API
The modern approach to application security also resonates with Katie Teitler, industry analyst at TAG Cyber. “Coming early into the development lifecycle is an attractive proposition, both for development lifecycles and for security teams,” said Teitler. “Since the platform is lightweight and quick to deploy through Docker, devs should feel instantly comfortable with it.”
The StackHawk founding team has leveraged their backgrounds in DevOps and security to build the product that puts application security in developer’s hands. Joni Klippert, StackHawk founder & CEO, has spent the past decade building DevOps products, most recently as the VP, Product at VictorOps (acquired by Splunk).
“Digital Transformation has allowed for automation of many tasks associated with building, delivering and operating software in production. DevOps automation enables companies to deliver business value to their customers faster than ever before,” said Klippert. “However, security practices are not keeping up with the speed of modern software delivery. StackHawk empowers software engineers to deliver secure software to their customers at the speed of DevOps.”
The focus on integrating into the modern engineering workflow and building features for developers was a leading factor for Sapphire to lead the round. “With the rise of DevOps, companies have shifted to the frequent release of software and reliance on automation. How companies approach application security should be no different,” says David Hartwig, Managing Director at Sapphire Ventures. “We believe that StackHawk has the product and the team in place, led by Founder and CEO Joni Klippert, to deliver on developer-first automated application security testing in the DevOps pipeline, and we are excited to partner with them along their journey.”
With the additional capital, StackHawk will continue product development, invest in go-to-market teams, and continue to support ZAP, the open source project that the company’s platform is built upon.
Read More: Corcentric Appoints Chief Revenue Officer To Accelerate Global Growth