Overview
Uniquely tailored to AWS customers StackHawk can be easily deployed into AWS environments. The platform can run as part of your CI/CD pipeline with AWS CodeBuild and AWS CodePipeline to automate security testing as part of your software delivery.
Our approach to security StackHawk is the only dynamic application (DAST) and API security testing tool that runs in CI/CD, making API and application security testing part of software delivery. The StackHawk platform offers engineering teams the ability to find and fix application bugs at any stage of software development and gives Security teams insight into the security posture of applications and APIs being developed. The platform also contains generative AI technology that can help Security teams identify hidden APIs, providing information about what APIs exist, where they live, and who they belong to.
Pricing information Pricing is available as either StackHawk Pro or StackHawk Enterprise. With both pricing plans, users receive unlimited scans, environments and applications.
StackHawk Pro features: - Docker-based application security scanner - CI/CD automation - Historical scan data - cURL based reproduction criteria - Findings triage - REST, GraphQL & SOAP support - StackHawk CLI - Custom scan discovery - Applications dashboard - Custom test data for REST - Custom test data for GraphQL - HawkScan ReScan - gRPC support (coming soon) - Email and Slack based support - Slack, Snyk, GitHub, and CodeQL integrations
StackHawk Enterprise features: - ALL features and integrations in StackHawk Pro - Single sign-on - Role-based permissions - Activity history & audit log - Log4Shell vulnerability - Seed paths - API access for Scan Results - Executive summary report - Custom test scripts - Team-based access - Policy management - Dedicated Slack based support - Premier Zoom support - Generic webhooks, Microsoft Teams, and DefectDojo integrations
For more information, visit: https://www.stackhawk.com/pricing/
For custom pricing, EULA, or a private contract, please contact marketplace-orders@stackhawk.com , for a private offer.
Highlights
- Shift Security Left with Automated DAST Scanning: StackHawk is purpose-built to run in the DevOps pipeline, ensuring your team has eyes on any new vulnerabilities before they hit production.
- Reliably Test Applications and APIs: With StackHawk, you can easily align your DAST testing with your architecture, including REST, SOAP, and GraphQL APIs, for better performance and faster fixes.
- Developer Focused and Built to Scale AppSec Teams: StackHawk's modern approach to DAST enables developers to write secure software fast and gives Security teams the ability to scale at the speed of software being deployed.
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
---|---|---|
StackHawk Pro | Priced per code contributor for applications under test (minimum 5) | $504.00 |
StackHawk Enterprise | Priced per code contributor for applications under test (minimum 5) | $708.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Unless otherwise agreed, email support is offered Monday - Friday during normal business hours. support@stackhawk.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
A Fast, Developer-Friendly Security Solution with Clear Remediation Guidance
DEV's Found It Easy To Integrate. INFOSEC Gets The DevSecOps View/Reporting
1. Adds a DAST function that automates discovery of vulns. Previously done by humans - not ideal.
2. Help us to create a DevSecOps culture. We are pairing this with Snyk to have a soup-to-nuts CI/CD analysis.
3. Both 1&2 help us meet GRC requirements. Code-development has become a focus for more than a few compliance/privacy rules.
Amazing automatable DAST tool
It is possible to run internal scans since it only needs the binary to run it.
Customer support has been great so far, they are always on and ready to answer any question, even their bot helps a lot.
The integration they have with Snyk makes it great when it comes to deeper analysis.
Some customization of scan policies would be neat, the current way to apply policies for scans is very manual.
The team has been very helpful with the onboarding process.
Fantastic DAST product for the container world
Container-first orientation - the container-first approach of StackHawk's scanners provides unparalleled flexibility and ease of integration within our workflows. Given our unique requirements and constraints, this architecture enables us to build custom scanning workflows easily with our own scaffolding with more powerful configuration than any other DAST scanner we've tested. This flexibility not only meets our current needs but also positions us well for future integration with developer-centric processes.
Customer support - StackHawk's customer success team has been exceptional in guiding us towards effective use of their product. They keep us engaged with regular updates and news, and they are incredibly responsive to our questions, feature requests, and bug reports. Their proactive support has been instrumental in maximizing the value we derive from StackHawk.
Engaging brand identity - on a personal note, I greatly appreciate StackHawk's creative bird-themed branding. Their attention to detail in maintaining a cohesive and engaging brand identity, even in their internal libraries, adds a touch of personality and fun to our interactions with the tool.