Listing Thumbnail

    StackHawk

     Info
    StackHawk is a DAST and API testing tool built for developers. With powerful automation and integration capabilities, StackHawk gives engineers the ability to find and fix security vulnerabilities in their AWS software development pipeline before they reach production.

    Overview

    Uniquely tailored to AWS customers StackHawk can be easily deployed into AWS environments. The platform can run as part of your CI/CD pipeline with AWS CodeBuild and AWS CodePipeline to automate security testing as part of your software delivery.

    Our approach to security StackHawk is the only dynamic application (DAST) and API security testing tool that runs in CI/CD, making API and application security testing part of software delivery. The StackHawk platform offers engineering teams the ability to find and fix application bugs at any stage of software development and gives Security teams insight into the security posture of applications and APIs being developed. The platform also contains generative AI technology that can help Security teams identify hidden APIs, providing information about what APIs exist, where they live, and who they belong to.

    Pricing information Pricing is available as either StackHawk Pro or StackHawk Enterprise. With both pricing plans, users receive unlimited scans, environments and applications.

    StackHawk Pro features: - Docker-based application security scanner - CI/CD automation - Historical scan data - cURL based reproduction criteria - Findings triage - REST, GraphQL & SOAP support - StackHawk CLI - Custom scan discovery - Applications dashboard - Custom test data for REST - Custom test data for GraphQL - HawkScan ReScan - gRPC support (coming soon) - Email and Slack based support - Slack, Snyk, GitHub, and CodeQL integrations

    StackHawk Enterprise features: - ALL features and integrations in StackHawk Pro - Single sign-on - Role-based permissions - Activity history & audit log - Log4Shell vulnerability - Seed paths - API access for Scan Results - Executive summary report - Custom test scripts - Team-based access - Policy management - Dedicated Slack based support - Premier Zoom support - Generic webhooks, Microsoft Teams, and DefectDojo integrations

    For more information, visit: https://www.stackhawk.com/pricing/ 

    For custom pricing, EULA, or a private contract, please contact marketplace-orders@stackhawk.com , for a private offer.

    Highlights

    • Shift Security Left with Automated DAST Scanning: StackHawk is purpose-built to run in the DevOps pipeline, ensuring your team has eyes on any new vulnerabilities before they hit production.
    • Reliably Test Applications and APIs: With StackHawk, you can easily align your DAST testing with your architecture, including REST, SOAP, and GraphQL APIs, for better performance and faster fixes.
    • Developer Focused and Built to Scale AppSec Teams: StackHawk's modern approach to DAST enables developers to write secure software fast and gives Security teams the ability to scale at the speed of software being deployed.

    Details

    Delivery method

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.

    12-month contract (2)

     Info
    Dimension
    Description
    Cost/12 months
    StackHawk Pro
    Priced per code contributor for applications under test (minimum 5)
    $504.00
    StackHawk Enterprise
    Priced per code contributor for applications under test (minimum 5)
    $708.00

    Vendor refund policy

    All fees are non-cancellable and non-refundable except as required by law.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Support

    Vendor support

    Unless otherwise agreed, email support is offered Monday - Friday during normal business hours. support@stackhawk.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 AWS reviews
    |
    61 external reviews
    External reviews are sourced from G2  and are not included in the star rating for this product.
    Bonam B.

    A Fast, Developer-Friendly Security Solution with Clear Remediation Guidance

    Reviewed on Nov 11, 2024
    Review provided by G2
    What do you like best about the product?
    StackHawk is an efficient and developer-friendly tool for application security testing. One of its standout features is the easy integration with CI/CD pipelines, making it straightforward to incorporate into existing development workflows. Additionally, the scan times are quick, allowing teams to identify and address security vulnerabilities without significant delays to deployment.
    What do you dislike about the product?
    if would be great if you guys provide score card & PDF report on email so that we can easily share with other prople higher managment
    What problems is the product solving and how is that benefiting you?
    mainly it highlightes the security flaws and outdated software recomondations
    Michael O.

    DEV's Found It Easy To Integrate. INFOSEC Gets The DevSecOps View/Reporting

    Reviewed on Oct 28, 2024
    Review provided by G2
    What do you like best about the product?
    The dev team found it fairl simple to get their codebase/apps (Python, BitBucket, Jenkins, Jira) integrated... we had a volunteer who went through the process & provide steps so the rest could cookie-cutter it.
    What do you dislike about the product?
    I am not a coder - I'm on the InfoSec side of the house. So my take about SH relates to the admin portal & reporting... both of which of very good. It was easy to invite devs to the portal & the reports provide info that I use to relay for compliance/security work.
    What problems is the product solving and how is that benefiting you?
    It does a few things for us:

    1. Adds a DAST function that automates discovery of vulns. Previously done by humans - not ideal.
    2. Help us to create a DevSecOps culture. We are pairing this with Snyk to have a soup-to-nuts CI/CD analysis.
    3. Both 1&2 help us meet GRC requirements. Code-development has become a focus for more than a few compliance/privacy rules.
    Alejandro F.

    Amazing automatable DAST tool

    Reviewed on Sep 17, 2024
    Review provided by G2
    What do you like best about the product?
    You can setup any type of authenticated scans due to its YAML configuration setup.
    It is possible to run internal scans since it only needs the binary to run it.
    Customer support has been great so far, they are always on and ready to answer any question, even their bot helps a lot.
    The integration they have with Snyk makes it great when it comes to deeper analysis.
    What do you dislike about the product?
    They need more reporting capabilities, more dashboard views to showcase the progress of vulnerabilities remediation.
    Some customization of scan policies would be neat, the current way to apply policies for scans is very manual.
    What problems is the product solving and how is that benefiting you?
    I can automate the security part of testing an application when it is deployed instead of having to do a manual pentest every single time.
    Government Relations

    The team has been very helpful with the onboarding process.

    Reviewed on Sep 14, 2024
    Review provided by G2
    What do you like best about the product?
    I managed to get most things working very quickly.
    What do you dislike about the product?
    I am trying to solve one issue: excluding the path /actuator from the scans. I have followed the docs and used the AI bot, but because I am in NZ, it is difficult to make contact with a real person due to timezone differences.
    What problems is the product solving and how is that benefiting you?
    Soc2 DAST compliance
    Information Technology and Services

    Fantastic DAST product for the container world

    Reviewed on Jul 16, 2024
    Review provided by G2
    What do you like best about the product?
    Central management platform - StackHawk's SaaS management platform significantly simplifies the management of our applications. It provides an intuitive workflow for issue triage and remediation, making it easier for our team to identify, prioritize, and address security vulnerabilities efficiently.

    Container-first orientation - the container-first approach of StackHawk's scanners provides unparalleled flexibility and ease of integration within our workflows. Given our unique requirements and constraints, this architecture enables us to build custom scanning workflows easily with our own scaffolding with more powerful configuration than any other DAST scanner we've tested. This flexibility not only meets our current needs but also positions us well for future integration with developer-centric processes.

    Customer support - StackHawk's customer success team has been exceptional in guiding us towards effective use of their product. They keep us engaged with regular updates and news, and they are incredibly responsive to our questions, feature requests, and bug reports. Their proactive support has been instrumental in maximizing the value we derive from StackHawk.

    Engaging brand identity - on a personal note, I greatly appreciate StackHawk's creative bird-themed branding. Their attention to detail in maintaining a cohesive and engaging brand identity, even in their internal libraries, adds a touch of personality and fun to our interactions with the tool.
    What do you dislike about the product?
    The most difficult part of working with StackHawk is the code-oriented nature of scripting, especially for application authentication. Many scanners use passive proxy mechanisms to capture authentication traffic, which makes it easy to get up and running rapidly with authenticated scanning. StackHawk does not offer this, opting instead for more powerful customization via their scripting engine. This may not be for everyone.
    What problems is the product solving and how is that benefiting you?
    We were able to meet our compliance requirements using other tooling, but StackHawk enabled us to implement headless, authenticated DAST in a fully-automated fashion so we no longer have to spend the time to execute scans manually. This was the main problem that drove us to StackHawk in the first place - but with some creativity, we are now planning for what we call the "ultimate shift left" for DAST, putting DAST directly in the hands of developers, in a controlled fashion. The automation, and subsequently putting the tool in the hands of developers, allows us to scale the application security program beyond just the application security team so that we achieve the coverage that we need.
    View all reviews