Skip to content

StackHawk API Key

Service Name: StackHawk

Service Description: StackHawk is a dynamic application security testing (DAST) platform that helps developers find and fix security vulnerabilities in web applications and APIs during the development process.

Service Address: https://www.stackhawk.com/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to StackHawk's API for scanning applications and managing security findings.

Secret Revokement URL: https://app.stackhawk.com/settings/apikeys

Secret Example: hawk.1234567890abcdef1234.1234567890abcdef1234

Suspicious Activity Investigation Instructions:

  • Review StackHawk dashboard for unauthorized scans or configuration changes
  • Check API usage logs for unusual patterns or unauthorized access
  • Verify if any new scan configurations have been created without authorization
  • Monitor for unexpected scan results or reports being generated

Mitigation Instructions:

  • Log in to your StackHawk account at app.stackhawk.com
  • Navigate to Settings > API Keys
  • Locate the compromised API key and click "Revoke"
  • Generate a new API key if needed
  • Update the key in all legitimate applications and CI/CD pipelines
  • Review security logs to identify any unauthorized actions taken with the compromised key