Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
It's a great DAST tool that easily integrates into our CI/CD pipeline
What do you like best about the product?
StackHawk does a great job of making configuring and running the scan as easy as possible by wrapping everything up in a Docker container that can run both locally by developers and in CI.
What do you dislike about the product?
We've had to put in a little effort to get it to work with OAuth authentication, but it's much less work and more straightforward than anything else we tried.
What problems is the product solving and how is that benefiting you?
- SOC2 compliance requires running DAST, and Stackhawk helped us fill that need without a lot of effort.
- Monitors our website for security issues we might have missed during development.
Best security bug finder
What do you like best about the product?
It quickly finds the bug and supports our team by fixing that security vulnerability. It helps my team with REST and GraphQL API Scanning & Simple Fix Documentations too. It's easy to use.
What do you dislike about the product?
To this date, I haven't found any issues with StackHawk.
What problems is the product solving and how is that benefiting you?
We're working on an application where we get a lot of customers. If any security issue might affect our data, we've fixed the vulnerabilities with StackHawk while it's in the pipeline. We believe in the quote, "Prevention is better than cure".
Recommendations to others considering the product:
Best anti-bug
Perfect Security product for your business needs
What do you like best about the product?
As we progress towards the future, modern problems require modern solutions! StackHawk is the perfect go-ahead for your business needs!
What do you dislike about the product?
The frequent updates with new technologies, but it's good to have the updates to stay ourselves protected!
What problems is the product solving and how is that benefiting you?
The frequent updates with new technologies, but it's good to have the updates to stay ourselves protected!
Easy to use
What do you like best about the product?
The app is really easy to use and set up. Running scans is pretty simple, and it's easy to check out your security issues.
What do you dislike about the product?
Honestly from using it for a few weeks already, I have nothing I dislike
What problems is the product solving and how is that benefiting you?
I'm running the scans on my personal app that had lots of security issues.
Recommendations to others considering the product:
Easy to use and set up
Shift Left on Security with Stackhawk
What do you like best about the product?
Stackhawk is extremely simple to set up. The user interface, documentation, and examples really pave the way for a successful implementation.
What do you dislike about the product?
I don't have anything to list as a dislike at the moment. Everything is working as expected.
What problems is the product solving and how is that benefiting you?
Our team is focusing on strengthening our security posture. Automated DAST scanning on our pull requests was a piece of the puzzle Stackhawk solved.
A good DAST Tool, easy to integrate in your CI pipeline
What do you like best about the product?
- A good knowledgeable and strong support and account team.
- Easy to integrate with the existing CI pipeline.
- Did a good job of reducing our vulnerabilities.
- A great UI to review.
What do you dislike about the product?
- Needs better notification and improvements to the notifications.
- Alternate alerting system.
- Needs more product lines to make this a single use tool.
What problems is the product solving and how is that benefiting you?
- Stackhawk has greatly reduced our vulnerabilities and keeps our code in check by integrating with the CI pipeline.
- The developers are always alerted for any new vulnerabilities introduced.
StackHawk is the best security scanner I've used, among about half a dozen
What do you like best about the product?
In no particular order:
I love their UI/UX. It presents issues clearly, where I can easily give them to junior programmers to investigate & fix with nothing more than a link to an issue or a scan. It provides good explanations for the issues it flags, as well as links to blog articles about the issues (sometimes specific to dealing with it in our particular framework). It also has detailed request data, including a cURL command to reproduce the issue, the response body, and highlights "evidence" it found attempting to prove that an issue is not a false positive.
Their PDF reports aren't just a print version of the dashboard, but a well-formatted, good-looking, PDF-specific design that is a good deliverable for clients or just to record our security issues at a particular moment in time. Their dashboard is also easy to grok.
I like that, unlike other static analyzers that scan code to assess potential vulnerabilities, StackHawk scans your site to actually try to trigger vulnerabilities and produce evidence. Through this method, StackHawk found XSS vulnerabilities and warned about other potential issues that other tools didn't find, and they were clearly reproducible. Also, this method is more confidence-inspiring, and has produced far fewer false positives than code analysis. Our company still uses static code analysis, as it is quick & cheap (good for continuous integration), but we now consider StackHawk the definitive tool for programmatic assessment of security vulnerabilities.
I also like their pricing model. The free tier is legitimately useful, the pricing upgrades make sense, and I can just do it all myself. Several competitors offer similar scan products but cost thousands of dollars per year and require talking to an account manager to set up. I did talk to a couple sales reps for other products, and as a non-profit looking to keep costs low, two different sales reps never got back to me about discounted plans (and their free plans were just limited trials). One I never actually tried because the whole product was paywalled, which is fine for bigger clients I assume, but inaccessible to me.
What do you dislike about the product?
The only downside to StackHawk so far is the time a scan takes. While static code analysis can take just minutes, or even seconds when focusing on the files in a particular changeset, StackHawk's scans take hours to complete and require us to either ramp up our test server capacity or dedicate a developer's machine to the scan. Slow scan time is fine if we're focused on security for a particular assessment or quarterly review, but we can't use it as part of our continuous integration pipeline "out of the box." They do have documentation on reducing scan times by optimizing the routes it looks at, parallelizing certain areas of the site, etc., but we'd have to set up a fair bit of infrastructure to get this working. We might, someday, but it's certainly not as easy as just hooking up a code analyzer to GitHub.
Also, once you resolve an issue with your site, I couldn't find a way to re-run just that one issue and update the scan report because there isn't (or doesn't seem to be) a central list of issues. Instead, you have a list of scans, and although scans do show previously assigned/accepted/ignored issues as such in new scans, it displays scans as islands of their own. This just means to get a "clean" report we have to run an entirely new scan, which takes time, unless we also spend time optimizing our scan time. So far I've just let it run overnight, which minimizes my time spent, but re-checking just one issue would be nice.
What problems is the product solving and how is that benefiting you?
We're checking the attack area of our site for vulnerabilities before a significant feature release. StackHawk has found several real issues other analyzers or security consultancies didn't find, and with a very low signal-to-noise ratio. As mentioned previously, since the issues are presented so clearly, we've been able to assign these issues to be fixed by more junior programmers, which is an added cost benefit.
StackHawk proves to be an interesting tool in secure development pipelines
What do you like best about the product?
I like how easy it is to onboard new applications. It is simple and practical, making it easier to work security into the application development cycle. In addition, the application makes use of native API development configurations through OpenAPI files.
What do you dislike about the product?
It still seems too simplistic for the level expected in corporate environments. It lacks a way to manage multiple projects, but I believe this will be implemented in future releases.
What problems is the product solving and how is that benefiting you?
I am implementing DAST analysis using the free tier, and this lets me make my open-source environment more secure. The main feature is the automation of security testing directly in the CI/CD pipeline.
A great dynamic company that is promising and a maverick in the world of DAST platforms
What do you like best about the product?
DAST tools have always been crude and traditional in the last decade. StackHawk brings a unique approach to DAST that is truly modern, easy to use and set up, and developer-friendly.
What do you dislike about the product?
There's nothing I dislike about StackHawk specifically, but there's room for improvement on their solution.
What problems is the product solving and how is that benefiting you?
Licensing models from other DAST companies do not provide flexibility and, most of the time, are cost-prohibitive. StackHawk's pricing is reasonable and allows our business to scale while keeping our application security budget sustainable.
Recommendations to others considering the product:
If Shift-Left and DevSecOps are your strategy and goal, StackHawk is the right DAST tool for you.
StackHawk for simplified security scans
What do you like best about the product?
StackHawk is very simple to set up and use, whether using the standard method of a Docker image or the new CLI tool. Either can easily be integrated with your choice of CI/CD system to automate the process for each developer's commits. We've found the resulting reports are easy to understand for both developers and management. In particular, we like the ability to replicate each test with the cURL command provided in the report. Support and sales have gone above and beyond in getting us set up.
What do you dislike about the product?
We haven't yet found anything we dislike about StackHawk. For our small business, it's been an ideal fit so far.
What problems is the product solving and how is that benefiting you?
We needed a quick security scan solution to help win a new account. StackHawk allowed us to close the deal while providing us with a solid on-going solution to find and fix security issues much earlier in our development cycle.
Recommendations to others considering the product:
I would recommend signing up for a free trial and testing it for yourself. StackHawk was simple to set up, so it won't take much time to discover if it will meet your needs.