According to a recent LinkedIn post from StackHawk, the company is emphasizing how the deployment environment for dynamic application security testing, or DAST, shapes the types of vulnerabilities that can realistically be assessed. The post contrasts the constraints and tradeoffs of running security scans in production, staging, and CI/CD pipeline stages across the software development lifecycle.
The LinkedIn post suggests that production environments mainly support passive, read-only checks, which may help validate access controls with real users but limit the ability to safely test exploitability of issues such as SQL injection or price manipulation. For applications where code or staging access is restricted, production scanning is portrayed as a partial but sometimes necessary coverage approach.
By comparison, staging environments are described as better suited for aggressive testing, including injection attacks, authentication bypass attempts, and business logic exploitation. However, the post notes that staging-based findings often arrive after code has already been merged, potentially reducing developer context and slowing remediation relative to earlier-stage feedback.
The post highlights pipeline-level testing as a way to surface security findings directly in pull requests while developers remain focused on the relevant code. This approach is presented as requiring fast, locally running scanners that can operate inside CI/CD jobs, in contrast to legacy DAST tools that were designed to crawl entire applications from fixed network positions.
According to the post, StackHawk positions its architecture to support scanning at multiple stages—locally in the pipeline, adjacent to applications in staging, and against production—to increase coverage by leveraging each environment’s strengths. For investors, this emphasis on developer-centric, CI/CD-integrated security testing could signal a strategic focus on modern DevSecOps workflows and differentiation from older-generation DAST vendors.
If successfully executed and adopted, such capabilities may help StackHawk deepen its relevance with engineering and security teams that prioritize shift-left practices and rapid feedback loops. This positioning could enhance the company’s competitive stance in the application security market, potentially supporting growth through expanded usage within existing customers and improved appeal to organizations modernizing their software delivery pipelines.

