According to a recent LinkedIn post from StackHawk, the company is emphasizing new capabilities to scan JSON-RPC APIs for security vulnerabilities such as injection, path traversal, server-side request forgery, and command execution. The post explains that traditional dynamic application security testing tools often overlook JSON-RPC because multiple methods are routed through a single endpoint, leaving the true attack surface in the method namespace.
Claim 30% Off TipRanks Premium
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Stay ahead of the market with the latest news and analysis and maximize your portfolio's potential
The company’s LinkedIn post highlights that its scanner now targets JSON-RPC alongside REST, GraphQL, SOAP, and gRPC, using a method definition file analogous to an OpenAPI spec for RPC. This expansion suggests StackHawk is positioning its platform to cover a broader range of modern architectures used in blockchain, microservices, IoT backends, and emerging frameworks, which could enhance its relevance to security-conscious developers and enterprises.
For investors, the post indicates a product roadmap focused on closing gaps in legacy scanning approaches and aligning with developer workflows. By addressing an under-served protocol that underpins several high-growth technology segments, StackHawk may be aiming to increase adoption among AppSec teams and potentially grow recurring revenue through deeper platform penetration in existing and new customer accounts.
The emphasis on automation of previously manual JSON-RPC testing could also signal efforts to reduce customers’ operational burden and improve security coverage, factors that can strengthen customer retention. If these capabilities are well received in the market, they could support StackHawk’s competitive positioning against other application security vendors that have limited JSON-RPC support, potentially improving its long-term growth prospects in the application security testing space.