Joni Klippert
Podcast Appearances
And then another really important piece was the output: as it was finding vulnerabilities in the open source version, it was so hard to discern what to pay attention to. It was just garbage output. And there's a statement that people say in cybersecurity, which is you can't get engineers to care about cybersecurity. That's bullshit. They do care about security. They care about quality.
But if you're a software engineer and your job is to deliver value to the market, and I give you a tool with output like this that's completely undiscernible, there's no way that they can afford to care about this.
And so we took the output of the scanning capability and made it super easy to bundle by vulnerability type, then the path, then the request/response, so that you could just zero in immediately on what is the highest vulnerability, where can I go fix it, and how do I fix it fast so that I can continue my job as a software engineer of writing code.
So the MVP was, in sum, like taking an open source capability and just making it so easy to use and having a very PLG experience. So something that took weeks or months to instrument, a person could come to StackHawk, they could download the scanner, point it at a target and complete the scan in around seven minutes. I think that was one of our fastest deployments.
And it was often like seven minutes to 10 minutes. So that was the MVP. And then we ended up adding obviously a bunch of goodies on top of that.
After ease of use, it started to become, how do we test APIs very thoroughly? Legacy DAST tools didn't really have knowledge of how applications were built today. They expected browser-based applications that you would try to spider and you look for places to have inputs, essentially fuzz with inputs, looking for outputs that generated vulnerabilities.
What we had to do is become the best possible API security testing platform, because that one API route could serve 2,000 pages on a website. So let's just scan the route and fix it at the source. So it makes it ripping fast. And then when you fix something, it's going to fix downstream.