Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
A Fast, Developer-Friendly Security Solution with Clear Remediation Guidance
What do you like best about the product?
StackHawk is an efficient and developer-friendly tool for application security testing. One of its standout features is the easy integration with CI/CD pipelines, making it straightforward to incorporate into existing development workflows. Additionally, the scan times are quick, allowing teams to identify and address security vulnerabilities without significant delays to deployment.
What do you dislike about the product?
if would be great if you guys provide score card & PDF report on email so that we can easily share with other prople higher managment
What problems is the product solving and how is that benefiting you?
mainly it highlightes the security flaws and outdated software recomondations
- Leave a Comment |
- Mark review as helpful
DEV's Found It Easy To Integrate. INFOSEC Gets The DevSecOps View/Reporting
What do you like best about the product?
The dev team found it fairl simple to get their codebase/apps (Python, BitBucket, Jenkins, Jira) integrated... we had a volunteer who went through the process & provide steps so the rest could cookie-cutter it.
What do you dislike about the product?
I am not a coder - I'm on the InfoSec side of the house. So my take about SH relates to the admin portal & reporting... both of which of very good. It was easy to invite devs to the portal & the reports provide info that I use to relay for compliance/security work.
What problems is the product solving and how is that benefiting you?
It does a few things for us:
1. Adds a DAST function that automates discovery of vulns. Previously done by humans - not ideal.
2. Help us to create a DevSecOps culture. We are pairing this with Snyk to have a soup-to-nuts CI/CD analysis.
3. Both 1&2 help us meet GRC requirements. Code-development has become a focus for more than a few compliance/privacy rules.
1. Adds a DAST function that automates discovery of vulns. Previously done by humans - not ideal.
2. Help us to create a DevSecOps culture. We are pairing this with Snyk to have a soup-to-nuts CI/CD analysis.
3. Both 1&2 help us meet GRC requirements. Code-development has become a focus for more than a few compliance/privacy rules.
Amazing automatable DAST tool
What do you like best about the product?
You can setup any type of authenticated scans due to its YAML configuration setup.
It is possible to run internal scans since it only needs the binary to run it.
Customer support has been great so far, they are always on and ready to answer any question, even their bot helps a lot.
The integration they have with Snyk makes it great when it comes to deeper analysis.
It is possible to run internal scans since it only needs the binary to run it.
Customer support has been great so far, they are always on and ready to answer any question, even their bot helps a lot.
The integration they have with Snyk makes it great when it comes to deeper analysis.
What do you dislike about the product?
They need more reporting capabilities, more dashboard views to showcase the progress of vulnerabilities remediation.
Some customization of scan policies would be neat, the current way to apply policies for scans is very manual.
Some customization of scan policies would be neat, the current way to apply policies for scans is very manual.
What problems is the product solving and how is that benefiting you?
I can automate the security part of testing an application when it is deployed instead of having to do a manual pentest every single time.
The team has been very helpful with the onboarding process.
What do you like best about the product?
I managed to get most things working very quickly.
What do you dislike about the product?
I am trying to solve one issue: excluding the path /actuator from the scans. I have followed the docs and used the AI bot, but because I am in NZ, it is difficult to make contact with a real person due to timezone differences.
What problems is the product solving and how is that benefiting you?
Soc2 DAST compliance
Fantastic DAST product for the container world
What do you like best about the product?
Central management platform - StackHawk's SaaS management platform significantly simplifies the management of our applications. It provides an intuitive workflow for issue triage and remediation, making it easier for our team to identify, prioritize, and address security vulnerabilities efficiently.
Container-first orientation - the container-first approach of StackHawk's scanners provides unparalleled flexibility and ease of integration within our workflows. Given our unique requirements and constraints, this architecture enables us to build custom scanning workflows easily with our own scaffolding with more powerful configuration than any other DAST scanner we've tested. This flexibility not only meets our current needs but also positions us well for future integration with developer-centric processes.
Customer support - StackHawk's customer success team has been exceptional in guiding us towards effective use of their product. They keep us engaged with regular updates and news, and they are incredibly responsive to our questions, feature requests, and bug reports. Their proactive support has been instrumental in maximizing the value we derive from StackHawk.
Engaging brand identity - on a personal note, I greatly appreciate StackHawk's creative bird-themed branding. Their attention to detail in maintaining a cohesive and engaging brand identity, even in their internal libraries, adds a touch of personality and fun to our interactions with the tool.
Container-first orientation - the container-first approach of StackHawk's scanners provides unparalleled flexibility and ease of integration within our workflows. Given our unique requirements and constraints, this architecture enables us to build custom scanning workflows easily with our own scaffolding with more powerful configuration than any other DAST scanner we've tested. This flexibility not only meets our current needs but also positions us well for future integration with developer-centric processes.
Customer support - StackHawk's customer success team has been exceptional in guiding us towards effective use of their product. They keep us engaged with regular updates and news, and they are incredibly responsive to our questions, feature requests, and bug reports. Their proactive support has been instrumental in maximizing the value we derive from StackHawk.
Engaging brand identity - on a personal note, I greatly appreciate StackHawk's creative bird-themed branding. Their attention to detail in maintaining a cohesive and engaging brand identity, even in their internal libraries, adds a touch of personality and fun to our interactions with the tool.
What do you dislike about the product?
The most difficult part of working with StackHawk is the code-oriented nature of scripting, especially for application authentication. Many scanners use passive proxy mechanisms to capture authentication traffic, which makes it easy to get up and running rapidly with authenticated scanning. StackHawk does not offer this, opting instead for more powerful customization via their scripting engine. This may not be for everyone.
What problems is the product solving and how is that benefiting you?
We were able to meet our compliance requirements using other tooling, but StackHawk enabled us to implement headless, authenticated DAST in a fully-automated fashion so we no longer have to spend the time to execute scans manually. This was the main problem that drove us to StackHawk in the first place - but with some creativity, we are now planning for what we call the "ultimate shift left" for DAST, putting DAST directly in the hands of developers, in a controlled fashion. The automation, and subsequently putting the tool in the hands of developers, allows us to scale the application security program beyond just the application security team so that we achieve the coverage that we need.
Positive product experience with helpful resources.
What do you like best about the product?
It's very fast to setup and get integrated. It has great configuration support and additional options.
What do you dislike about the product?
A downside to StackHawk is it's inability to create API endpoint collections automatically. At the time of this review it is not a function, or atleast a public one.
What problems is the product solving and how is that benefiting you?
StackHawk helps us identify vulnerabilities in API services and code - closer to the developer and less removed.
Fast, consistently updated DAST scan tool with premium support
What do you like best about the product?
Stackhawks people are my favorite part. Always updating and having a feel like they are an extension of my company always makes for a great vibe.
The scanning platform is fast. Default settings for scans, done via yaml markup, run great though they allow me to customize runners and spec for the container which runs said scan. Tuning this can make my scans greatly faster.
It's true integration to my CI, of which I use GitHub actions, and now with shift left knowing about vulnerabilities earlier in the process has kept us with a clean setup that no longer adds tech debt to our process.
The support is phenominal. The web chat is responsive, but they also helped make a Slack channel integration with our team to communicate updates and work through specific features.
The scanning platform is fast. Default settings for scans, done via yaml markup, run great though they allow me to customize runners and spec for the container which runs said scan. Tuning this can make my scans greatly faster.
It's true integration to my CI, of which I use GitHub actions, and now with shift left knowing about vulnerabilities earlier in the process has kept us with a clean setup that no longer adds tech debt to our process.
The support is phenominal. The web chat is responsive, but they also helped make a Slack channel integration with our team to communicate updates and work through specific features.
What do you dislike about the product?
The only downside I can think of is when using Jenkins the containers it pulls down and reporting it does for a scan soaks up a bunch of disk on my Jenkins nodes and I end up having to do docker cleanup.
What problems is the product solving and how is that benefiting you?
Ease of configuration per microservice and getting our scans in the faces of developers further up the pipeline before code vulnerabilities are merged.
Overall a decent front end to ZAP scanning
What do you like best about the product?
Relatively easy to use once initial setup is done. Easy to add in automation. Decent interface. Customer support was very helpful.
What do you dislike about the product?
Not quite intuitive setup, so a bit of a learning curve. Hard to manage vulnerabilities from a perspective of seeing how to manually reproduce and also to mark as false positive. No ability to mark application types and have custom severity on certain vulns based on that. eg XSS in website is more serious than in a json api.
What problems is the product solving and how is that benefiting you?
We needed to scan our APIs daily to pick up any low hanging fruit and make sure it gets remediated immediately
Stackhawk has been a great tool to implement inside of our CI/CD pipeline for DAST scanning.
What do you like best about the product?
The flexability of delpoyment is great when deploying rapidly.
What do you dislike about the product?
There is not much training offered to get started with the tool.
What problems is the product solving and how is that benefiting you?
It is solving our need to actively scan our in house developed applications and microservices.
Great SaaS-first DAST product
What do you like best about the product?
StackHawk was built with a SaaS first mindset, unlike many of the competing products in the space, which made it a perfect fit for our needs. It has just the right number of features and does what it does very well.
We've been able to automate much of our interaction with the product through the robust APIs provided out of the box. Integrations are easy and straight forward. As a result, we're able to scan our products for vulnerabilities on every build as well as via continuous scanning from our CI/CD tooling.
I love the Slack-based customer support. As an early customer, we've been able to participate in beta and even pre-release design and have a great relationship with the StackHawk team.
We've been able to automate much of our interaction with the product through the robust APIs provided out of the box. Integrations are easy and straight forward. As a result, we're able to scan our products for vulnerabilities on every build as well as via continuous scanning from our CI/CD tooling.
I love the Slack-based customer support. As an early customer, we've been able to participate in beta and even pre-release design and have a great relationship with the StackHawk team.
What do you dislike about the product?
We've struggled with some of our larger APIs not completing scans in a timely manner. The StackHawk support team has been great about helping us solve for it.
What problems is the product solving and how is that benefiting you?
We've shifted our security to the left and StackHawk helped us do that in an easy, automated way. We're able to scan our internet-facing solutions early and often to ensure we're not introducing vulnerabilities in our products.
showing 1 - 10