Full-Time

Sales Development Representative

Posted on 3/9/2026

StackHawk

11-50 employees

Automated DAST for API security testing

Compensation Overview

$65k - $100k/yr

+ Commissions + Equity

Remote in USA

Remote

Category

Sales & Account Management (1)

Required Skills

Salesforce

Responsibilities
  • Prospect and generate leads as well as build strategic target account lists within a defined territory
  • Collaborate closely with Account Executives to establish a territory strategy, including target companies, target prospects, and messaging/talk-tracks
  • Qualify and set expectations for initial meetings for our Account Executive teams
  • Actively listen to customer needs and handle objections
  • Achieve or exceed monthly quotas of Qualified Meetings, Opportunities and Pipeline Generation
  • Use a modern lead generation tool stack, including Salesforce, SalesLoft and LinkedIn Sales Nav to effectively manage prospects
  • Learn, demonstrate, and help evolve our demand generation process
Desired Qualifications
  • 1-4 years prior B2B sales experience preferred
  • Prospecting skills, cold calling, B2B sales experience (software sales preferred but not required)
  • SaaS experience is a plus, particularly in technical, infrastructure or devops products
  • Detail oriented, organized mindset with an ability to manage time effectively
  • Resourceful self-starter who’s willing to roll up their sleeves and find a way to win
  • Driven for results with a positive and motivated attitude
  • Experience with CRM systems (Salesforce, HubSpot) and sales automation tools (SalesLoft, LinkedIn Sales Navigator) preferred

StackHawk provides application security testing tailored for developers, specializing in dynamic application security testing (DAST) to find vulnerabilities in applications and APIs. It works by running automated security tests within running apps and APIs and integrating these tests into CI/CD pipelines, enabling engineers to detect and fix security issues as part of the development process. Compared with others, StackHawk emphasizes a developer-first approach with strong automation and broad API coverage, allowing seamless integration into existing development workflows and offering tiered subscription pricing based on team size, number of applications, and support level. The goal is to help software teams ship secure software faster by identifying and addressing security weaknesses early in the development cycle, reducing costly fixes after release.

Company Size

11-50

Company Stage

Late Stage VC

Total Funding

$47.3M

Headquarters

Denver, Colorado

Founded

2019

Simplify Jobs

Simplify's Take

What believers are saying

  • Business Logic Testing targets BOLA and BFLA, two of OWASP API Security Top 10's worst gaps.
  • The Cycode partnership ties runtime findings to repositories, commits, and code owners.
  • The Feb. 4, 2026 alliance program expands reach through Optiv, Trace3, WWT, and others.

What critics are saying

  • Multi-user staging tests require seeded data and test-user orchestration, slowing enterprise rollouts.
  • Source-code discovery misses endpoints outside repositories, including third-party and generated services.
  • Channel partners can relegate StackHawk to a feature add-on beside incumbent security platforms.

What makes StackHawk unique

  • StackHawk launched Business Logic Testing on May 19, 2026 for multi-user authorization flaws.
  • Its Smart Crawl deterministically sequences API flows from OpenAPI specs, reducing black-box testing.
  • Source-code discovery spans REST, GraphQL, gRPC, WebSockets, and serverless functions.


Benefits

Health Insurance

Dental Insurance

Vision Insurance

Remote Work Options

Paid Vacation

Paid Holidays

Company Equity

Growth & Insights and Company News

Headcount

6 month growth

8%

1 year growth

11%

2 year growth

8%

PR Newswire
Mar 12th, 2026
Former Meta, Uber and Cloudflare CSO Joe Sullivan joins StackHawk board amid AI security shift

StackHawk, an application security company, has appointed Joe Sullivan to its board of directors. Sullivan previously served as chief security officer at Meta, Uber and Cloudflare during critical growth periods. The appointment comes as StackHawk scales operations amid rising demand for security testing that matches AI development velocity. A recent StackHawk survey found 87% of organisations have adopted AI coding assistants like GitHub Copilot, driving code velocity up to 10 times faster. Sullivan cited the paradigm shift created by AI coding tools, noting traditional security approaches cannot handle the accelerated application generation speed. StackHawk's platform combines shift-left runtime testing with attack surface discovery, integrating directly into development workflows. The Boulder-based company recently launched an Alliance & Reseller Programme to expand market reach.

StackHawk
Feb 27th, 2026
David Geevaratne joins StackHawk as EVP of Sales.

David Geevaratne | Feb 27, 2026

David brings 20+ years of IT and cybersecurity sales experience to his role at StackHawk. Learn what brought him here.

Why runtime application security?

Throughout my career in IT and cybersecurity, I've had a front-row seat to major platform shifts: cloud migration, DevOps, container adoption. Each one reshaped how software gets built and eventually secured. What's happening with AI-assisted development is, without a doubt, the most dramatic yet, with higher stakes for application security than ever.

Organizations are reporting an eightfold increase in code output through AI coding assistants. That's not theoretical. It's happening inside every engineering org right now (87% according to its recent survey!). And it has a longer tail impact than the market is paying attention to.

The jury might be out as to how secure vs. vulnerable AI-generated code is. But what's not up in the air: more code means more attack surface, more endpoints, and more to test. When security validation doesn't scale at the same rate, the gap compounds fast.

And yet, AppSec tools are moving in the wrong direction, trading precision for promises with black-box approaches that can't tell you what's covered and what isn't. Budgets are flat. Teams are stretched. And the CISOs I talk to aren't asking for more tools. They're asking three questions: Can you show me what StackHawk Inc. has? Can you prove it's tested? Can you prove StackHawk Inc. is reducing risk? Answering those takes dynamic testing that is API-first, pipeline-native, and defined as code. Not promises. Proof.

Why StackHawk?

AI has reset the software lifecycle. Every day is effectively Day 0. You either maintain perpetual visibility and continuously test what's exploitable, or you try to find the needle in the haystack and end up finding it in production.
What drew me to StackHawk is that the approach maps to how modern AppSec actually needs to work: shift-left DAST that runs natively in CI/CD and finds real, exploitable vulnerabilities before production. That is the only way to keep up with the pace of AI.

On top of that, the product this talented team has built is solving real problems for real customers. Attack surface discovery from source code, so you know what exists before production. Centralized program intelligence so leaders can prove what's working and where risk lives.

Most tools are built for one audience. Developer tools that security teams tolerate. Security tools that developers ignore. StackHawk serves the full triangle of influence: practitioners, AppSec leaders, and CISOs.

I'm proud to be joining this team, and I'm looking forward to helping organizations understand their real attack surface, demonstrate actual risk reduction, and move as confidently as the AI-powered development teams they protect.

About David.

David brings 20+ years in cloud-native and cybersecurity sales leadership to StackHawk. Most recently, he served as SVP of Sales at Uptycs, a cloud-native security analytics company. Before that, he held leadership roles at Rapid7 and DivvyCloud (acquired by Rapid7), where he led cloud security go-to-market efforts. Earlier in his career, David co-founded New Signature, a Microsoft cloud services provider later acquired by Cognizant, where he served as President and CRO and helped drive 12 consecutive years of double-digit revenue growth. David has been recognized as a Washington Business Journal Minority Business Leader, a CRN 30 in Their 30s honoree, and a Washington Business Journal Corporate Philanthropy Award recipient for his work at New Signature.

PR Newswire
Feb 4th, 2026
StackHawk Officially Launches Alliances Program to Help AppSec Teams Navigate the AI Era

Feb 04, 2026, 09:58 ET

The new program equips channel partners to help customers secure applications at the pace of AI-driven development

DENVER, Feb. 4, 2026 /PRNewswire/ - StackHawk, the company reimagining AppSec for AI-driven development, today announced a 100% commitment to channel partners with the launch of the StackHawk Alliances & Resellers Program (SHARP). Led by Jim Torson, StackHawk's Sr. Director Channel Sales, the new program is designed to help security-focused resellers deliver modern application security to customers navigating an increasingly complex AppSec landscape in the AI era.

According to a recent StackHawk survey, 87% of organizations have adopted AI coding assistants such as GitHub Copilot, Cursor, or Claude Code, and keeping pace with AI-accelerated development is the #1 critical challenge for AppSec teams in 2026. Managing threats in an AI-driven reality requires rethinking AppSec from the ground up.

StackHawk delivers what static analysis and legacy DAST can't: surfacing exploitable vulnerabilities and business logic flaws directly in CI/CD pipelines before code reaches production. By combining runtime testing with app attack surface discovery from source code, teams know exactly what exists, what they're protecting, and that their program is actually keeping pace.

"We're going all-in on alliances because that's how customers win," said Jim Torson, Head of Partnerships at StackHawk. "Channel partners are trusted advisors helping organizations make sense of a rapidly changing AppSec landscape. Our partners are on the front lines helping customers keep pace with AI, and we're committed to giving them the tools, training, and margins to succeed."

Why Partner with StackHawk

The StackHawk Alliance Program launch reflects StackHawk's broader investment in the channel as a foundational go-to-market strategy.
With strong early engagement from leading security partners and growing customer traction through the channel, the company is building for long-term, sustainable growth. Program benefits include 30%+ guaranteed margins with transparent pricing, exclusive NFR licenses and hands-on training, and dedicated services opportunities. Get the complete program details on the StackHawk blog.

"I've spent 25 years in Application Security watching customers struggle with the same problem: too many alerts, not enough signal, and security teams that can't match the pace developers are expected to deliver. When release cycles shrink from months to hours, signal-to-noise ratio becomes everything," said David Nester, Sr. Practice Director, Application and Cloud Security at Trace3. "StackHawk flips that equation. It finds exploitable vulnerabilities in minutes and fits into how developers actually work. That's when we go from vendor to trusted advisor."

Launch partners include Defy, GuidePoint, Myriad360, Optiv, Trace3, and WWT. Organizations interested in joining the StackHawk Partner Program can learn more on the StackHawk website.

About StackHawk

StackHawk is reimagining AppSec for AI-driven development, where applications are built faster than traditional AppSec tools can keep up. Our AppSec Intelligence Platform combines scalable runtime testing with complete attack surface discovery from source code. We integrate directly into development workflows and provide context-aware remediations to developers, enabling teams to find and fix exploitable vulnerabilities before they reach production. With real-time visibility and centralized program intelligence, AppSec teams can prioritize testing and fixing what matters. Companies like British Airways, ITV, and Norstella trust StackHawk to evaluate application risk, prove program value, and scale testing coverage to match development velocity.

Media Contact: Adam LaGreca, Founder of 10KMedia

SOURCE StackHawk

StackHawk
Dec 16th, 2025
Introducing Intelligent Business Logic Testing: Find Authorization Flaws Pre-Production

TL;DR: Today, StackHawk Inc. is launching Business Logic Testing (BLT), automated multi-user authorization testing that finds BOLA, BFLA, and privilege escalation vulnerabilities that single-user tools fundamentally cannot detect.

The authorization testing challenge.

Authorization flaws are the #1 and #5 vulnerabilities in the OWASP API Security Top 10, responsible for 34% of security breaches. These are the vulnerabilities attackers actually exploit: accessing other users' data, escalating privileges, bypassing payment flows.

The problem? These flaws only appear at runtime when testing with multiple users simultaneously. "Can User A access User B's orders?" "Can a standard user escalate to admin privileges?" You need actual multi-user testing to answer these questions.

Traditional automated security tools fundamentally can't do this. Single-user DAST tools test with one authenticated session, making cross-user authorization testing architecturally impossible. Static analysis tools flag suspicious code patterns but can't validate whether authorization actually works at runtime with real user sessions, actual data, and complex permission logic.

Manual penetration testing has remained the go-to solution for business logic testing, but it's expensive, point-in-time, and can't keep pace with modern development velocity. When developers ship code multiple times daily (accelerated further by AI code assistants) manual authorization testing becomes a bottleneck that scales poorly. StackHawk's Business Logic Testing automates this work, enabling authorization validation at development velocity.

What Business Logic flaws StackHawk finds.

StackHawk has always detected technical vulnerabilities in APIs - SQL injection, XSS, insecure configurations, and single-user authorization issues like IDOR (Insecure Direct Object References).
Business Logic Testing goes deeper, finding authorization flaws that only manifest when testing how different users interact with the same resources:

  • BOLA (Broken Object Level Authorization): User A creates an order and receives order_id: 12345. BLT tests whether User B can call GET /orders/12345 and access User A's order details. If the API returns User A's data instead of 403 Forbidden, that's a BOLA vulnerability, and it's responsible for more data breaches than any other API vulnerability class.
  • BFLA (Broken Function Level Authorization): A standard user calls DELETE /admin/users/123 or PUT /users/me with {"role": "admin"}. If the API allows these operations instead of returning 403 Forbidden, that's BFLA, vertical privilege escalation, where lower-privileged users perform higher-privileged functions.

These authorization vulnerabilities consume significant penetration testing time with systematic work that must be repeated every release cycle - work that can now be automated to run continuously in your development pipeline.

How Business Logic Testing works.

StackHawk's BLT automates the multi-user authorization testing that previously required manual penetration testing, integrating it directly into your existing runtime application security testing workflow. This launch includes three major enhancements: context-aware test orchestration via Smart Crawl, multi-user testing capabilities, and updated UI showing complete request/response evidence for authorization findings.

Smart Crawl is the intelligence layer that makes business logic testing possible. It analyzes your OpenAPI specifications (either user-provided or StackHawk-generated) and creates an execution plan that simulates how users or applications actually call your API. It maps inputs from one API operation to others and clusters related operations into logical execution flows.
Unlike tools that use AI to probabilistically guess at API relationships, Smart Crawl's approach is transparent and deterministic. You can see exactly what's being tested, configure the test sequences, and understand precisely why findings were flagged. When authorization tests fail, you know exactly which user, which endpoint, and which business logic caused the issue - no black box to debug.

Smart Crawl is now the foundation of all StackHawk scanning, dramatically reducing custom configuration requirements while improving scan accuracy and completeness. When combined with multi-user testing, it enables comprehensive business logic testing.

To get started with BLT, StackHawk customers just need to define 2-3 user profiles (admin, member, guest) with different privilege levels in the stackhawk.yml. BLT executes coordinated tests where higher-privileged users create resources and lower-privileged users attempt unauthorized access. This isn't simulated - it's actual multi-user runtime testing that proves exploitability with full request/response evidence.

For complex business logic scenarios - testing whether users can modify subscription tiers without payment validation, or validating that shared document permissions revoke correctly when team members leave - write custom test scripts in JavaScript or Kotlin that stay version-controlled alongside your code.

When authorization flaws are identified, StackHawk provides detailed vulnerability reports showing exactly which user accessed what resource and how authorization was bypassed. Each finding includes the complete test sequence: which user attempted access, what resource they targeted, and the full request/response for both privileged and unprivileged users. Remediation guidance integrates directly into your development workflow through Jira tickets, Slack notifications, and pull request comments - delivering findings where developers actually work, while they're still in context of the code they wrote.
Expanding its definition of DAST.

From day one, StackHawk has always been dedicated to providing the most flexible and fast testing on the market. StackHawk Inc. firmly believes that is the only way to truly shift left into development pipelines where developers have the context and attention needed to fix critical vulnerabilities.

With Business Logic Testing, StackHawk Inc. is encouraging its customers to add layers to their runtime testing strategy so they get the best of both worlds. Quick feedback in CI/CD pipelines catches obvious configuration errors (missing auth checks, exposed admin endpoints, basic IDOR issues) while developers are still in context, and fixes are cheapest.

On top of that, you can now execute thorough business logic testing in test/staging environments where you can safely:

  • Test destructive operations (DELETE endpoints, privilege escalation)
  • Use realistic user roles with actual permission hierarchies
  • Validate against seeded test data for reproducible results
  • Run complex multi-step authorization flows

This isn't a limitation - it's intelligent architecture. Production-focused tools cannot safely test privilege escalation or destructive operations in live environments, meaning they miss entire classes of authorization vulnerabilities. Staging environments enable the thorough testing that actually finds exploitable flaws.

Get started.

Combined with StackHawk's API discovery from source code and AI-generated OpenAPI specs, StackHawk's BLT provides the most comprehensive and programmatic way to test APIs for authorization flaws. StackHawk Inc. knows how many cycles this type of manual testing takes up for internal and external pen testing teams, and StackHawk Inc. is excited to lighten the load for its customers. In the era of AI-driven development, AppSec teams need every advantage they can get to reduce breach risk without adding headcount or budget.

Ready to try it out? Business Logic Testing is available now for all StackHawk customers, scaling authorization testing as part of your existing StackHawk testing suite. Visit its documentation to configure your first multi-user test, or schedule a demo to see BLT in action.

Cycode
Nov 25th, 2025
Closing the Gap Between Code and Runtime: Cycode and StackHawk Unite on a Comprehensive Application Security Approach

Modern AppSec teams face an enduring challenge: runtime context is critical to surface risks that appear in running applications vs code itself; however, at many organizations, security testing and secure development remain disconnected functions. Vulnerabilities get rediscovered at runtime, tickets get created, but developers are still left with unclear ownership of what to fix.

That's why Cycode and StackHawk are partnering to bridge the gap between code and runtime, uniting StackHawk's developer-focused dynamic application security testing (DAST) with Cycode's Application Security Posture Management (ASPM) platform. The result is seamless feedback loops and faster remediation that connects runtime testing to its precise code origin.

From discovery to fix: making DAST actionable.

StackHawk's modern DAST engine scans running web apps, APIs, and microservices directly within the CI/CD pipeline, surfacing real, exploitable vulnerabilities pre-production. Cycode ingests these findings automatically and correlates them with SDLC metadata such as repositories, commits, branches, and code owners. This integration allows security and engineering teams to:

  • Map runtime findings back to source code: instantly identify which repository and developer introduced the issue.
  • Contextualize risk: enrich findings with Cycode's Risk Intelligence Graph, showing where vulnerabilities intersect with build systems, cloud assets, and dependencies.
  • Accelerate remediation workflows: automatically create and assign tickets in Jira, GitHub, or GitLab.
  • Validate fixes automatically: retest with StackHawk to confirm that issues are resolved.

By connecting code-to-runtime insights, Cycode and StackHawk eliminate the hand-offs and blind spots that slow down modern AppSec programs.

Why Cycode and StackHawk fit naturally together.

| Capability | StackHawk | Cycode |
| --- | --- | --- |
| Testing Focus | Dynamic testing for web apps, APIs, and microservices | Code, IaC, secrets, dependencies (SAST/SCA/IaC) |
| Insight Layer | Discoverability and exploitability context from runtime | Source code mapping, ownership, and posture analytics |
| Remediation | Automated retesting and fix validation | Assignment, policy orchestration, and workflow automation |

Together, they create a single feedback loop from discovery to validation, making runtime testing part of the continuous SDLC.

Real-world example: from runtime alert to code commit in minutes.

Imagine StackHawk detects an authentication bypass vulnerability in a staging API. Ordinarily, tracing that finding back to the right code owner could take days.

  • Cycode maps the affected endpoint to its repository, commit, and developer.
  • A Jira issue is auto-generated with full context and ownership.
  • The developer fixes the issue and pushes a pull request.
  • StackHawk re-runs the test to validate remediation, automatically closing the loop.

What once took days of manual effort now happens in a single automated workflow.

The impact: faster fixes, stronger coverage.

Organizations adopting the Cycode + StackHawk integration gain:

  • Unified visibility across all AppSec findings and assets
  • Reduced MTTR by routing issues directly to code owners
  • Prioritization grounded in exploitability and exposure
  • Improved SDLC posture tracking through Cycode's Risk Intelligence Graph

This partnership transforms DAST from a high-signal yet often disconnected security testing tool into a proactive, developer-friendly safeguard, closing the loop between discovery, remediation, and validation.

Get started.

The Cycode + StackHawk integration will be available soon. To get access to early testing, please contact your Cycode or StackHawk representative.

INACTIVE