Getting Started with StackShield
Learn what StackShield does, how it works, and how to protect your first domain in under 5 minutes.
What is StackShield?
StackShield is a continuous external security monitoring platform for web applications. It scans your domains from the outside — the same way an attacker would — to detect vulnerabilities, misconfigurations, and security issues before they can be exploited.
Unlike code-level static analysis tools, StackShield tests what's actually deployed and accessible on the internet: your SSL certificates, security headers, exposed files, authentication endpoints, and more.
How StackShield works
- You add a domain — tell StackShield which domains to monitor
- We scan externally — automated tests probe your domain for 26+ security issues
- Issues are detected — failed tests generate trackable issues with severity levels
- You get notified — alerts via email, Slack, Teams, or webhooks
- You fix and verify — follow our remediation guides, then re-scan to confirm
Quick start
Step 1: Create your account
Sign up for StackShield with your email or social login. You'll be taken through a quick onboarding flow to set up your first domain.
Step 2: Add your first domain
Enter the domain you want to monitor (e.g., example.com or app.example.com). StackShield will parse the domain and create a security check for it.
You can choose which security tests to run and configure a scan schedule. For your first check, we recommend keeping all tests enabled so you get a full picture of your security posture.
Step 3: Run your first scan
Click Run Scan to trigger an immediate security scan. The scan typically takes 1-3 minutes depending on the number of tests enabled. You'll be taken to the scan progress page where you can watch results come in live.
Step 4: Review your results
Once the scan completes, you'll see a summary of passed, failed, and warning tests. Each failed test includes:
- Severity level — Critical, High, Medium, or Low
- Detailed findings — exactly what was detected and why it matters
- Remediation steps — how to fix the issue, with code examples
- Technical details — raw data from the scan for your reference
Step 5: Set up ongoing monitoring
Configure a scan schedule (daily is recommended) and set up notifications so you're alerted when new issues are detected. See the Scheduling and Notifications guides for details.
Understanding the dashboard
Your dashboard is the central hub for your security posture. It shows:
Stats overview
Total monitored domains, active scans in progress, priority issues requiring attention, and how many domains are at risk.
Priority actions
Critical and high-severity findings that should be addressed first, with direct links to the affected issue.
Checks summary
Status of each monitored domain — whether scans are passing, failing, or in progress, with test pass/fail counts.
Recent scans
Your most recent scan results with quick access to view full details.
Key concepts
Check
A domain you're monitoring. Each check has its own test configuration, schedule, and scan history.
Scan
A single run of all enabled security tests against a check. Scans can be triggered manually, on a schedule, or via CI/CD.
Test
An individual security check within a scan (e.g., SSL validation, security headers, brute force detection). Each test produces a pass, fail, or warning result.
Issue
A persistent security problem detected by a failed test. Issues are deduplicated across scans so you don't get duplicate alerts for the same problem.
Team
Your workspace. All checks, scans, and issues belong to a team. You can invite team members and configure team-wide notification settings.
Next steps
- Security Checks — learn how to configure checks and tests in detail
- Scans & Results — understand scan results and test findings
- Notifications — set up alerts for your team
- CI/CD Integration — add security scanning to your deployment pipeline