
    StackHawk

    StackHawk is a DAST and API testing tool built for developers. With powerful automation and integration capabilities, StackHawk gives engineers the ability to find and fix security vulnerabilities in their AWS software development pipeline before they reach production.

    Overview

    Uniquely tailored to AWS customers, StackHawk can be easily deployed into AWS environments. The platform can run as part of your CI/CD pipeline with AWS CodeBuild and AWS CodePipeline to automate security testing as part of your software delivery.

    Our approach to security

    StackHawk is the only dynamic application (DAST) and API security testing tool that runs in CI/CD, making API and application security testing part of software delivery. The StackHawk platform offers engineering teams the ability to find and fix application bugs at any stage of software development and gives Security teams insight into the security posture of applications and APIs being developed. The platform also contains generative AI technology that can help Security teams identify hidden APIs, providing information about what APIs exist, where they live, and who they belong to.

    Pricing information

    Pricing is available as either StackHawk Pro or StackHawk Enterprise. With both pricing plans, users receive unlimited scans, environments and applications.

    StackHawk Pro features:
    - Docker-based application security scanner
    - CI/CD automation
    - Historical scan data
    - cURL based reproduction criteria
    - Findings triage
    - REST, GraphQL & SOAP support
    - StackHawk CLI
    - Custom scan discovery
    - Applications dashboard
    - Custom test data for REST
    - Custom test data for GraphQL
    - HawkScan ReScan
    - gRPC support (coming soon)
    - Email and Slack based support
    - Slack, Snyk, GitHub, and CodeQL integrations

    StackHawk Enterprise features:
    - ALL features and integrations in StackHawk Pro
    - Single sign-on
    - Role-based permissions
    - Activity history & audit log
    - Log4Shell vulnerability
    - Seed paths
    - API access for Scan Results
    - Executive summary report
    - Custom test scripts
    - Team-based access
    - Policy management
    - Dedicated Slack based support
    - Premier Zoom support
    - Generic webhooks, Microsoft Teams, and DefectDojo integrations

    For more information, visit: https://www.stackhawk.com/pricing/ 

    For custom pricing, EULA, or a private contract, please contact marketplace-orders@stackhawk.com for a private offer.

    Highlights

    • Shift Security Left with Automated DAST Scanning: StackHawk is purpose-built to run in the DevOps pipeline, ensuring your team has eyes on any new vulnerabilities before they hit production.
    • Reliably Test Applications and APIs: With StackHawk, you can easily align your DAST testing with your architecture, including REST, SOAP, and GraphQL APIs, for better performance and faster fixes.
    • Developer Focused and Built to Scale AppSec Teams: StackHawk's modern approach to DAST enables developers to write secure software fast and gives Security teams the ability to scale at the speed of software being deployed.

    Details

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.

    12-month contract (2)

    | Dimension | Description | Cost/12 months |
    | --- | --- | --- |
    | StackHawk Pro | Priced per code contributor for applications under test (minimum 5) | $504.00 |
    | StackHawk Enterprise | Priced per code contributor for applications under test (minimum 5) | $708.00 |

    Vendor refund policy

    All fees are non-cancellable and non-refundable except as required by law.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Unless otherwise agreed, email support is offered Monday - Friday during normal business hours. support@stackhawk.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    0 ratings
    0 AWS reviews | 64 external reviews
    External reviews are sourced from G2 and are not included in the star rating for this product.
    Banking

    Excellent customer service

    Reviewed on Dec 23, 2024
    Review provided by G2
    What do you like best about the product?
    The StackHawk team achieves what seems impossible.
    What do you dislike about the product?
    The path was not very clear as we embarked on the beginning of our journey.
    What problems is the product solving and how is that benefiting you?
    We want to address all the security weaknesses in our microservices, and StackHawk has allowed us to gain visibility into issues that we cannot test in other quality gates.
    Ramgopal K.

    Working with Stack Hawk experience...

    Reviewed on Dec 16, 2024
    Review provided by G2
    What do you like best about the product?
    The onboarding of application.
    Vendor customer support.
    API files scanning.
    Easy to use and implementation and DevSecOps CI/CD integration
    The dashboard results...
    Attack Surface utilization... etc.,
    What do you dislike about the product?
    To onboard each application, why should we have to involve each application POC to write their extra files to configure into the system? Here it's lagging time to pass KT to each application POC to come up with their config YAML file.
    What problems is the product solving and how is that benefiting you?
    As of now we have onboarded a few of our client applications to the Stack Hawk and are seeing good results and using those results to implement more security with the help of Dev Teams to remediate the security vulnerabilities.
    Shivani Santosh K.

    StackHawk - An upcoming DAST solution

    Reviewed on Nov 21, 2024
    Review provided by G2
    What do you like best about the product?
    Its configurable nature and diverse integration options. And the very supportive customer support team who value the feedback and make sure changes are reflected in upcoming releases.
    What do you dislike about the product?
    The limitation of being able to use with only internet accessible surface and limitation on on-prem usage. Additionally, lack of granular roles to avoid accidental deletion of scan and scan result by an unaware user.
    What problems is the product solving and how is that benefiting you?
    Helping us streamline our secure development initiative
    Bonam B.

    A Fast, Developer-Friendly Security Solution with Clear Remediation Guidance

    Reviewed on Nov 11, 2024
    Review provided by G2
    What do you like best about the product?
    StackHawk is an efficient and developer-friendly tool for application security testing. One of its standout features is the easy integration with CI/CD pipelines, making it straightforward to incorporate into existing development workflows. Additionally, the scan times are quick, allowing teams to identify and address security vulnerabilities without significant delays to deployment.
    What do you dislike about the product?
    It would be great if you guys provide score card & PDF report on email so that we can easily share with other people higher management
    What problems is the product solving and how is that benefiting you?
    Mainly it highlights the security flaws and outdated software recommendations
    Michael O.

    DEV's Found It Easy To Integrate. INFOSEC Gets The DevSecOps View/Reporting

    Reviewed on Oct 28, 2024
    Review provided by G2
    What do you like best about the product?
    The dev team found it fairly simple to get their codebase/apps (Python, BitBucket, Jenkins, Jira) integrated... we had a volunteer who went through the process & provided steps so the rest could cookie-cutter it.
    What do you dislike about the product?
    I am not a coder - I'm on the InfoSec side of the house. So my take about SH relates to the admin portal & reporting... both of which are very good. It was easy to invite devs to the portal & the reports provide info that I use to relay for compliance/security work.
    What problems is the product solving and how is that benefiting you?
    It does a few things for us:

    1. Adds a DAST function that automates discovery of vulns. Previously done by humans - not ideal.
    2. Helps us to create a DevSecOps culture. We are pairing this with Snyk to have a soup-to-nuts CI/CD analysis.
    3. Both 1&2 help us meet GRC requirements. Code-development has become a focus for more than a few compliance/privacy rules.