StackHawk, the software-as-a-service startup that empowers software engineers to easily find and fix application security bugs, today announced that Simon Bennetts has joined the team as Distinguished Engineer, Assessment Technologies. Bennetts will primarily focus on the ongoing development of the open source project he founded, the OWASP® Zed Attack Proxy (ZAP) web application security scanner, which is the world’s most frequently used web application security scanning tool.
StackHawk leverages the ZAP open source for its underlying scanning technology and has focused product development on functionality that serves developer-first security, such as CI/CD security test automation, support for modern development paradigms, and integrations with other developer tools. With a strong background building DevOps and developer tools, the founders of StackHawk saw an opportunity to build an application security product that is truly developer first, and Bennetts’ complementary background will further set StackHawk apart with a developer first mindset.
“Since founding ZAP, the vision has always been to deliver application security to developers,” Bennetts said. “While the project has been widely adopted by security teams and pen testers, I’m excited to work with a team dedicated to delivering our original vision of AppSec for devs and that also believes in growing the open source community.”
When they first met, Bennetts quickly found alignment with StackHawk founders Joni Klippert (CEO), Scott Gerlach (CSO), and Ryan Severns (COO) on the direction application security is headed. There is widespread acceptance of the need for security to shift left, but it is also a known fact that the shift has been slow to take hold. Much of this can be attributed to security tooling and processes that serve an outdated model, with post-deploy security tests and tooling built for enterprise security teams instead of the developers who are closest to the application.
“Simon’s work on the ZAP project has both changed the security and open-source worlds for the better. It became clear that we were highly aligned in our mission to bring application security into the hands of developers,” says Joni Klippert, CEO and Founder of StackHawk. “Simon joining the StackHawk team provides an exciting opportunity to invest more in the ZAP open source project, while also building capabilities that make it easy for enterprise development teams to streamline AppSec into their CI/CD pipelines.”
Bennetts has a strong foundation as a software engineer helping him better understand the obstacles developers face. He started work on ZAP in 2009 because he recognized his own need to have more visibility into the security of the applications he was working on. Since then, ZAP has gained widespread popularity, becoming the world’s most popular application security scanner. ZAP, now part of the OWASP Foundation, scans a running version of the application, finding possible security bugs in a process known as Dynamic Application Security Testing (DAST). It has become a cornerstone of application security, while still remaining a tool that is primarily used by security teams and external penetration testers.
In teaming up together, StackHawk will continue to invest in the underlying scanner technology with a strong commitment to keeping this open source. Bennetts will lead this charge, contributing the majority of his time to the project he founded. StackHawk will continue to build functionality around the ZAP scanner to make automated security testing simple and accessible for developers and DevOps teams, enabling security to truly shift left.