Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Solid CICD integration with a bright future
What do you like best about the product?
Slick CICD integration for a known scanning tool
What do you dislike about the product?
The core scanner is ZAP, without additional checks or enhancements.
What problems is the product solving and how is that benefiting you?
Automating our CICD pipeline for DAST with decent Jira integration
The Stackhawk Experience was impressive from the beginning to fully integrated into our CI/CD
What do you like best about the product?
The Stackhawk documentation was easy & helpful for our development team to integrate into our CI/CD. The Stackhawk team was very responsive, helpful & knowledgeable.
What do you dislike about the product?
No complaints. The product is producing findings with helpful remediation tips and recommendations.
What problems is the product solving and how is that benefiting you?
We've used Stackhawk to handle DAST scanning of our web hosted product and have already eliminated all High & Med findings, and now have real-time awareness to DAST security in our CI/CD pipeline to keep our product secure.
Good Tool for Appsec
What do you like best about the product?
Good tool for Dynamic App Scanning. Can greatly help with the vulnerability identification and remediation process.
What do you dislike about the product?
Does not seem to be a way to scan multipage/multisite applications or Mobile.
What problems is the product solving and how is that benefiting you?
We are not currently implementing the product fully, just demo and poc phase.
The Most Essential DevSecOps DAST Tool Available Today
What do you like best about the product?
Many people aren't familiar with application security testing, development security operations, or the dynamic tools that can be used to test and monitor products. I love how StackHawk allows a single point of context to maintain a developer account for free. At the same time, a single pro user is (at the time of writing this) roughly $35/month, around the same as a typical gym membership. Application security is critically important, and StackHawk makes it available to nearly everyone.
What do you dislike about the product?
There's nothing specifically to dislike, though I'd love to have more real-time visual analytics formatted for mobile access.
What problems is the product solving and how is that benefiting you?
StackHawk allows for all sorts of ongoing testing of my company's mobile apps. We do penetration testing, MFA testing, password algorithm, E2EE, load, flow, API testing, and more on iOS, Android, our PWAs, dashboards, and even throughout our AWS cloud - with which it integrates smoothly and seamlessly.
Recommendations to others considering the product:
Leverage the trial period to install and implement things early and with little to no risk or cost. Establish performance baselines, and then scan continuously as you deploy, roll out and release products.
Awesome DAST scanning
What do you like best about the product?
Easy to integrate, unlimited scans and applications allowed in the plan, performs well, dockerized
What do you dislike about the product?
I wish there were more visibility into the types of rules or inputs that the scanner is using under the hood
What problems is the product solving and how is that benefiting you?
It's already revealed a few defects in APIs, and is integrated into SDLC process
Fantastic DAST tool for integrating with your CI/CD pipeline
What do you like best about the product?
The SaaS platform makes this product easy and fast to implement and aggregate findings to make it extremely easy to view and validate findings. The ability to seamlessly run a scan that is hosted locally in docker that will give you the same results as a deployed resource. This gives developers the ability to run their scans before ever committing code.
What do you dislike about the product?
The scanner lacks fine-grained customization into the underlying ZAP scanner. The configurations could expose more of the underlying functionality to customize scans better.
What problems is the product solving and how is that benefiting you?
We can now run DAST inside of our pipeline. This saves us time and gives us peace of mind.
StackHawk is a strong DAST product for companies that care about their application security programs
What do you like best about the product?
-Very strong CI/CD integration
-Augmented security detections to ZAP
-A slick, fast UI
-Supportive staff when we have questions
What do you dislike about the product?
-Needs more augmented detection to discover real risks
-Needs ability for custom detections/plugins
-More customization on findings and options for suppression
-Faster scans!
What problems is the product solving and how is that benefiting you?
-Finding "real" problems through run-time scans
-CI/CD integration for low/no touch scans for developers
My encounter with StackHawk
What do you like best about the product?
The integration with my application was seamless. I just had to deploy a docker and run it, and the stat scanner reported the vulnerabilities almost instantly.
What do you dislike about the product?
StackHawk can improve the description of the vulnerabilities slightly to debug the issue faster. Stackhawk can give more examples for fixing security issues reported.
What problems is the product solving and how is that benefiting you?
I am trying to find security flaws in my application using StackHawk so that when I go into deployment, I don't get hacked. StackHawk benefitted me immensely by making the process seamless.
Recommendations to others considering the product:
Go ahead and use this product to get your applications tested for security vulnerabilities. Using StackHawk saves a lot of time and effort.
Excellent vulnerability scanner tool for REST APIs
What do you like best about the product?
The tool is straightforward to use and scan the APIs for vulnerabilities very quickly. Provides a docker image which could be directly used
What do you dislike about the product?
Sometimes, all the endpoints from the Swagger spec are not recognized
What problems is the product solving and how is that benefiting you?
The main benefit is to scan the application for vulnerabilities quickly and helps in taking quick resolutions
Recommendations to others considering the product:
It is an excellent tool to scan your application for security vulnerabilities.
Greatly helped in securing my side project; better than most other tools with a free tier
What do you like best about the product?
1. Comprehensive insights - Within an hour after doing the initial setup, I had actionable suggestions for issues I probably wouldn't have discovered otherwise. Most notably, it managed to identify cases in which my code would misbehave against hostile input, despite the fact that the code seemed perfectly fine from a logical point of view; the actual culprit was likely a mix of software versions and library dependencies, but this insight allowed me to develop a secure workaround.
It also had many other suggestions, which were very much welcome, and I feel a lot more confident that I've done right by my users after enacting those changes.
2. Insights are easy to replicate - the request and response are detailed for each call, so you can verify them yourself.
3. A final plus worth noting is that it's easy to integrate with your CI/CD pipeline on most of the popular repository hosting sites. It's also highly configurable - you can decide how long you want the scanner to run for in total and for each individual rule it checks against as well. This makes it easier to sustain, as you might want lighter checks if you run it often.
What do you dislike about the product?
The setup isn't the easiest compared to some competitors. You do have to download a Docker image and run the scanner, or integrate it into your CI/CD pipeline. However, this is a minor nitpick and I was up and running in less than 20 minutes.
What problems is the product solving and how is that benefiting you?
I needed a security tool that could automate the security audit/pentest process, but the project I wanted to use it for was small and didn't have a budget available.
After trying a few free tools, many of which gave me suggestions that were very low-risk or already addressed, or locked their better recommendations behind a paywall, I decided to try StackHawk.
I was very impressed with the results, as mentioned above. StackHawk helped me secure my project, and the generous offering on the free tier was perfect for my needs. I would happily recommend trying it to anyone looking to improve the security of their projects, and I especially praise them for offering such an excellent service on the free tier.