Press Release

StackHawk Adds Business Logic Testing (BLT) to its AppSec Platform Menu

New testing capability addresses authorization flaws responsible for 34% of security breaches, automating what used to require manual penetration testing.

DENVER, Dec. 16, 2025 /PRNewswire/ — StackHawk, the shift-left runtime testing platform, today is adding Business Logic Testing (BLT) to its AppSec menu. Built for the AI era, StackHawk’s Business Logic Testing automates the detection of critical authorization flaws that account for 34% of security breaches.

Business logic flaws, such as broken object level authorization (BOLA) and broken function level authorization (BFLA), are top application security concerns that StackHawk’s new BLT solution directly addresses. Identifying these flaws requires testing running applications with multiple users simultaneously—functionality that SAST and legacy DAST tools fundamentally lack. Manual penetration testing has been the only option for AppSec teams, consuming valuable budget and internal team time that doesn’t scale with modern development velocity.

Key Features of StackHawk Business Logic Testing:

  • Multi-User Role Testing: Allows detection of BOLA and BFLA vulnerabilities by configuring multiple user profiles to evaluate both horizontal authorization (User A accessing User B’s data) and vertical authorization (regular users performing admin functions).
  • Context-Aware Test Orchestration: Automatically generates intelligent test sequences from OpenAPI specifications, coordinating requests across user profiles to test whether authorization boundaries hold—no manual configuration of test flows required. StackHawk understands how your APIs relate: what order endpoints should be called, what data from one response feeds into the next request, and how to generate contextually appropriate test data.
  • Transparent Test Sequences: Visualized test sequence evidence in the StackHawk platform provides a comprehensive view of which roles were exercised, which parameters were extracted and injected, and the exact chain of steps leading to each discovered business logic flaw.

“Authorization testing has been notoriously difficult to automate because it requires orchestrating multiple user sessions and understanding complex API relationships,” said Scott Gerlach, CSO and Co-Founder of StackHawk. “This is why most organizations still rely on manual pentesting which is expensive and time consuming. But now teams can use StackHawk’s BLT solution to automatically run multi-user tests and leverage context-aware orchestration to find business logic flaws.”

StackHawk was recently named the outstanding API security platform by the Global Infosec Awards at RSA 2025. These prestigious global awards, by Cyber Defense Magazine, recognize innovators with compelling value propositions for their products in competitive infosecurity industries.

About StackHawk
StackHawk is reimagining AppSec for AI-driven development, where applications are built faster than traditional AppSec tools can keep up. Our AppSec Intelligence Platform combines scalable runtime testing with complete attack surface discovery from source code. We integrate directly into development workflows and provide context-aware remediations to developers, enabling teams to find and fix exploitable vulnerabilities before they reach production. With real-time visibility and centralized program intelligence, AppSec teams can prioritize testing and fixing what matters. Companies like British Airways, ITV, and Norstella trust StackHawk to evaluate application risk, prove program value, and scale testing coverage to match development velocity.

Media Contact
Adam LaGreca
Founder of 10KMedia
[email protected]

View original content to download multimedia: https://www.prnewswire.com/news-releases/stackhawk-adds-business-logic-testing-blt-to-its-appsec-platform-menu-302640202.html

SOURCE StackHawk
