Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
StackHawk is a great DAST security tool
What do you like best about the product?
We have recently partnered with StackHawk for dynamic security code scanning and the product has been fantastic. StackHawk has many methods for performing code scanning tests which have been helpful for our development team. But I want to mention that perhaps the greatest thing about StackHawk has been their employees and the support they provide. (Most big software manufacturers sort of drop you off the deep end of the pool and disappear.) I will say that the customer on-boarding we had from StackHawk and their professionals was one of the best I've seen in my long career. They have a bunch of experts who are friendly and will assist you in getting the tools set up, explaining all of the features and options, and there to assist when you need help. I'd like to extend my genuine thanks to all at StackHawk for making our security program better and being a great partner.
What do you dislike about the product?
I do not have any dislikes regarding StackHawk.
What problems is the product solving and how is that benefiting you?
We had been using tools from larger software vendors, but they were becoming less effective and their value was declining over time (compared to the ever increasing costs). We looked around this crowded vendor space and reviewed several solutions for code scanning, API scanning, etc. We found that StackHawk was quite easy to set up and integrate. We also found that their staff and support were top notch.
- Leave a Comment |
- Mark review as helpful
StackHawk Review
What do you like best about the product?
I like the ability to configure the YAML file centrally. I like the integrations that are available as well.
What do you dislike about the product?
The configs of the YAML file and authenticated scans can be frustrating.
What problems is the product solving and how is that benefiting you?
Scan apps pushed to staging in the pipeline
Excellent customer service
What do you like best about the product?
The StackHawk team achieves what seems impossible.
What do you dislike about the product?
The path was not very clear as we embarked on the beginning of our journey.
What problems is the product solving and how is that benefiting you?
We want to address all the security weaknesses in our microservices, and StackHawk has allowed us to gain visibility into issues that we cannot test in other quality gates.
Working with Stack Hawk experience...
What do you like best about the product?
The onboarding of application.
Vendor customer support.
API files scanning.
Easy to use and implementation and DevSecOps CI/CD integration
The dashboard results...
Attack Surface utilization... etc.,
Vendor customer support.
API files scanning.
Easy to use and implementation and DevSecOps CI/CD integration
The dashboard results...
Attack Surface utilization... etc.,
What do you dislike about the product?
To onboard each application why should we have to involve each application POC to write their extra files to configure into the system. Here its lagging time to pass KT to each application POC to come up with their config Yaml file.
What problems is the product solving and how is that benefiting you?
As of now we have onboarded few of our client applications to the Stack Hawk and seeing good results and using those results to implement more security with the help of Dev Teams to remediate the security vulnerabilities.
StackHawk - An upcoming DAST solution
What do you like best about the product?
Its configurable nature and diverse integration option. And the very supportive customer support team who value the feedback and make sure changes are reflected in upcoming releases.
What do you dislike about the product?
The limitation of being able to use with only internet accessible surface and limitation on on-prem usage. Additionally, lack of granular roles to avoid accendential deletion of scan and scan result by a unaware user.
What problems is the product solving and how is that benefiting you?
Helping us streamline our secure development initiative
A Fast, Developer-Friendly Security Solution with Clear Remediation Guidance
What do you like best about the product?
StackHawk is an efficient and developer-friendly tool for application security testing. One of its standout features is the easy integration with CI/CD pipelines, making it straightforward to incorporate into existing development workflows. Additionally, the scan times are quick, allowing teams to identify and address security vulnerabilities without significant delays to deployment.
What do you dislike about the product?
if would be great if you guys provide score card & PDF report on email so that we can easily share with other prople higher managment
What problems is the product solving and how is that benefiting you?
mainly it highlightes the security flaws and outdated software recomondations
DEV's Found It Easy To Integrate. INFOSEC Gets The DevSecOps View/Reporting
What do you like best about the product?
The dev team found it fairl simple to get their codebase/apps (Python, BitBucket, Jenkins, Jira) integrated... we had a volunteer who went through the process & provide steps so the rest could cookie-cutter it.
What do you dislike about the product?
I am not a coder - I'm on the InfoSec side of the house. So my take about SH relates to the admin portal & reporting... both of which of very good. It was easy to invite devs to the portal & the reports provide info that I use to relay for compliance/security work.
What problems is the product solving and how is that benefiting you?
It does a few things for us:
1. Adds a DAST function that automates discovery of vulns. Previously done by humans - not ideal.
2. Help us to create a DevSecOps culture. We are pairing this with Snyk to have a soup-to-nuts CI/CD analysis.
3. Both 1&2 help us meet GRC requirements. Code-development has become a focus for more than a few compliance/privacy rules.
1. Adds a DAST function that automates discovery of vulns. Previously done by humans - not ideal.
2. Help us to create a DevSecOps culture. We are pairing this with Snyk to have a soup-to-nuts CI/CD analysis.
3. Both 1&2 help us meet GRC requirements. Code-development has become a focus for more than a few compliance/privacy rules.
Amazing automatable DAST tool
What do you like best about the product?
You can setup any type of authenticated scans due to its YAML configuration setup.
It is possible to run internal scans since it only needs the binary to run it.
Customer support has been great so far, they are always on and ready to answer any question, even their bot helps a lot.
The integration they have with Snyk makes it great when it comes to deeper analysis.
It is possible to run internal scans since it only needs the binary to run it.
Customer support has been great so far, they are always on and ready to answer any question, even their bot helps a lot.
The integration they have with Snyk makes it great when it comes to deeper analysis.
What do you dislike about the product?
They need more reporting capabilities, more dashboard views to showcase the progress of vulnerabilities remediation.
Some customization of scan policies would be neat, the current way to apply policies for scans is very manual.
Some customization of scan policies would be neat, the current way to apply policies for scans is very manual.
What problems is the product solving and how is that benefiting you?
I can automate the security part of testing an application when it is deployed instead of having to do a manual pentest every single time.
The team has been very helpful with the onboarding process.
What do you like best about the product?
I managed to get most things working very quickly.
What do you dislike about the product?
I am trying to solve one issue: excluding the path /actuator from the scans. I have followed the docs and used the AI bot, but because I am in NZ, it is difficult to make contact with a real person due to timezone differences.
What problems is the product solving and how is that benefiting you?
Soc2 DAST compliance
Fantastic DAST product for the container world
What do you like best about the product?
Central management platform - StackHawk's SaaS management platform significantly simplifies the management of our applications. It provides an intuitive workflow for issue triage and remediation, making it easier for our team to identify, prioritize, and address security vulnerabilities efficiently.
Container-first orientation - the container-first approach of StackHawk's scanners provides unparalleled flexibility and ease of integration within our workflows. Given our unique requirements and constraints, this architecture enables us to build custom scanning workflows easily with our own scaffolding with more powerful configuration than any other DAST scanner we've tested. This flexibility not only meets our current needs but also positions us well for future integration with developer-centric processes.
Customer support - StackHawk's customer success team has been exceptional in guiding us towards effective use of their product. They keep us engaged with regular updates and news, and they are incredibly responsive to our questions, feature requests, and bug reports. Their proactive support has been instrumental in maximizing the value we derive from StackHawk.
Engaging brand identity - on a personal note, I greatly appreciate StackHawk's creative bird-themed branding. Their attention to detail in maintaining a cohesive and engaging brand identity, even in their internal libraries, adds a touch of personality and fun to our interactions with the tool.
Container-first orientation - the container-first approach of StackHawk's scanners provides unparalleled flexibility and ease of integration within our workflows. Given our unique requirements and constraints, this architecture enables us to build custom scanning workflows easily with our own scaffolding with more powerful configuration than any other DAST scanner we've tested. This flexibility not only meets our current needs but also positions us well for future integration with developer-centric processes.
Customer support - StackHawk's customer success team has been exceptional in guiding us towards effective use of their product. They keep us engaged with regular updates and news, and they are incredibly responsive to our questions, feature requests, and bug reports. Their proactive support has been instrumental in maximizing the value we derive from StackHawk.
Engaging brand identity - on a personal note, I greatly appreciate StackHawk's creative bird-themed branding. Their attention to detail in maintaining a cohesive and engaging brand identity, even in their internal libraries, adds a touch of personality and fun to our interactions with the tool.
What do you dislike about the product?
The most difficult part of working with StackHawk is the code-oriented nature of scripting, especially for application authentication. Many scanners use passive proxy mechanisms to capture authentication traffic, which makes it easy to get up and running rapidly with authenticated scanning. StackHawk does not offer this, opting instead for more powerful customization via their scripting engine. This may not be for everyone.
What problems is the product solving and how is that benefiting you?
We were able to meet our compliance requirements using other tooling, but StackHawk enabled us to implement headless, authenticated DAST in a fully-automated fashion so we no longer have to spend the time to execute scans manually. This was the main problem that drove us to StackHawk in the first place - but with some creativity, we are now planning for what we call the "ultimate shift left" for DAST, putting DAST directly in the hands of developers, in a controlled fashion. The automation, and subsequently putting the tool in the hands of developers, allows us to scale the application security program beyond just the application security team so that we achieve the coverage that we need.
showing 1 - 10