StackHawk API Key
Service Name: StackHawk
Service Description: StackHawk is a dynamic application security testing (DAST) platform that helps developers find and fix security vulnerabilities in web applications and APIs during the development process.
Service Address: https://www.stackhawk.com/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to StackHawk's API for scanning applications and managing security findings.
Secret Revokement URL: https://app.stackhawk.com/settings/apikeys
Secret Example: hawk.1234567890abcdef1234.1234567890abcdef1234
Suspicious Activity Investigation Instructions:
- Review StackHawk dashboard for unauthorized scans or configuration changes
- Check API usage logs for unusual patterns or unauthorized access
- Verify if any new scan configurations have been created without authorization
- Monitor for unexpected scan results or reports being generated
Mitigation Instructions:
- Log in to your StackHawk account at app.stackhawk.com
- Navigate to Settings > API Keys
- Locate the compromised API key and click "Revoke"
- Generate a new API key if needed
- Update the key in all legitimate applications and CI/CD pipelines
- Review security logs to identify any unauthorized actions taken with the compromised key