Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Very happy user, even happier customer!
What do you like best about the product?
Ease of use + robust integrations = wow!
What do you dislike about the product?
Still developing a few nice-to-have features, but nothing that is preventing me from significant usage.
What problems is the product solving and how is that benefiting you?
Love helping developers learn and own application security. Helps CISO job and makes for a more resilient and reliable code stack.
- Leave a Comment |
- Mark review as helpful
Great Dast for Modern Applications
What do you like best about the product?
The Stackhawk dashboard is intuitive and functional. I also really appreciate the low level of false positives as well.
What do you dislike about the product?
It would be helpful if there were a way to automatically scan APIs without swagger documentation.
What problems is the product solving and how is that benefiting you?
Stackhawk is allowing us to shift left security vulnerability patching. We can scan at commit time and allow developers to fix bugs before they are checked into version control.
Fast and effective DAST tool
What do you like best about the product?
StackHawk is an excellent tool built to find vulnerabilities developers typically miss and do not foresee when building applications. The support for both SOAP and REST APIs make it versatile to use for a variety of applications. The scan times are quick and resources are easily customizable in the Docker container. The ability to test against certain technologies using flags is a great plus to speed up scan times as well. The support team's quick turnaround times to resolve troubleshooting problems is a great asset to have when onboarding applications.
What do you dislike about the product?
Only supports running in a Docker container, would love to see a .jar extension to attach to applications for faster onboarding when containers are not readily available for use
What problems is the product solving and how is that benefiting you?
This is the first DAST tool we have adopted and have begun implementing this into our CI/CD workflows. Ultimately we aim to identify all vulnerabilities wherever possible to ensure our ecosystem is safe and secure, and StackHawk is providing great value to our goal. The quick scan times provide an easier integration with the remaining components of our pipelines, and the ability to scan SOAP apps is a must until we're able to retire our legacy apps or convert them to REST APIs. Developers are also able to scan applications from their local workstations to capture vulnerabilities early on and wherever else StackHawk is not yet integrated into our CI/CD pipeline for a particular application.
Awesome security automation with GraphQL support
What do you like best about the product?
We've had nothing but a great experience working with the StackHawk team and their security automation tool. Our team operates in a continuous delivery environment, with several concurrent branches and environments at any given time. We release code several times per day, and StackHawk is able to provide us real-time scans of all of our branches, environments, and production deploys without any additional developer effort beyond initial setup.
What do you dislike about the product?
We had some initial issues with getting the scans to work with our GraphQL endpoints, but we were able to work closely with the StackHawk team, and this has since become a non-issue. I'm not aware of many other dynamic security testing providers that have such robust GraphQL support. Kudos to the StackHawk team for leaning in and delivering an excellent solution for GraphQL security testing.
What problems is the product solving and how is that benefiting you?
Automated dynamic security testing helps us build a more secure platform, as well as gives our customers confidence that we take security seriously and partner with the best providers.
Recommendations to others considering the product:
Setup a shared Slack channel, and you will receive answers to your questions blazingly fast!
Great DAST Scanner that empowers developers
What do you like best about the product?
Easy to configure applications, containerized scanning, high-quality API & GraphQL scanning, and unlimited application scanning
What do you dislike about the product?
We are currently working with the StackHawk team to reduce the number of false positives. Since the scanner works off of ZAP, improvements can be made to reduce the number of false positives in the scans. Additionally, recommendations can be improved to include action items relevant to the developer.
What problems is the product solving and how is that benefiting you?
Traditional DAST scanners scan a few assets at a scheduled time and can only find vulnerabilities after they have hit production. StackHawk allows us to empower developers and scan an unlimited number of applications before issues hit production. Additionally, StackHawk offers GraphQL and API scanning capabilities not found with other vendors.
Easy and efficient scanning tool
What do you like best about the product?
- StackHawk is easy to take in to use
- Built on the ZAP scanner, and they support its development as well
- You can run it in different environments with Docker
- Produces clear reports on the findings, and you can manage them with the UI so that false positives don't show up on every scan
- Built on the ZAP scanner, and they support its development as well
- You can run it in different environments with Docker
- Produces clear reports on the findings, and you can manage them with the UI so that false positives don't show up on every scan
What do you dislike about the product?
I don't have anything to complain about. Their support solved all the problems we had during the onboarding process. Maybe it would be beneficial to have an even more detailed log on the scanner's action to debug issues.
What problems is the product solving and how is that benefiting you?
We use it to catch security problems automatically during the development process and use the results it generates when we plan for security audits.
Very good on boarding process
What do you like best about the product?
The onboarding process to get the tests running is very helpful. The StackHawk employees take the time if you have questions, and they are very willing to help.
I like the technology of the test tool.
I like the technology of the test tool.
What do you dislike about the product?
I got some problems with our corporate firewall/proxy. It's not easy to get this running. But even thought StackHawk helped to look into the isuues.
What problems is the product solving and how is that benefiting you?
To find security issues in our apps. Without any big changes in our apps StackHawk is scanning the apps.
Recommendations to others considering the product:
Ask questions if you have any problems setting up StackHawk.
StackHawk Eases My Mind
What do you like best about the product?
As a cybersecurity professional, I constantly worry about vulnerabilities in our applications. StackHawk outlines exactly what we need to do to make the application more secure, and I don't have to go about my day worrying about what might be out there without my knowledge. It does all of the scanning that would have previously taken hours, and it does it in a matter of minutes. This leaves more time in my day to focus on other aspects of security.
What do you dislike about the product?
I have not found anything to dislike yet.
What problems is the product solving and how is that benefiting you?
Through the initial scan, we learned of numerous vulnerabilities in our application, and we were provided with the severity of each. These were not obvious to us before the scan, so we gained immense insight from this.
Stackhawk offers a cutting edge DAST tool that integrates the way we need it to
What do you like best about the product?
After evaluating several vendors, We chose to use Stackhawk because of how well it integrated with our CI/CD process and that it works really well in containers, whereas most competitors are harder (or impossible) to implement with our configuration. Their team is engaged and responsive. Their solution is modern and easy to use. I'm happy we selected this solution.
What do you dislike about the product?
I don't have any complaints about using Stackhawk.
What problems is the product solving and how is that benefiting you?
The key benefit for us of using Stackhawk is having a Dynamic Application Security Testing (DAST) tool that runs in our containers effectively. This has been a key differentiator for us.
In-depth and invaluable security insight packaged into the best UI you've ever seen
What do you like best about the product?
The detailed descriptions of vulnerabilities and linked cheatsheets are incredibly helpful, especially for busy developers that may not have done any work on fixing security bugs. The UI is extremely easy on the eyes and one of the most well designed I've ever seen, the same goes for the UX.
What do you dislike about the product?
Besides the CI setup issue we had which I believe was more of a codebase issue than a StackHawk issue (I wasn't involved), there really isn't anything currently in StackHawk that I have an issue with.
What problems is the product solving and how is that benefiting you?
We haven't had a lot of time to focus on security just yet, but we (I) am definitely looking forward to getting to the point where we are less pressured by a deadline and can focus on using StackHawk to start resolving the major issues with our codebase.
showing 41 - 50