
StackHawk

StackHawk, Inc. | 1

Reviews from AWS Marketplace

0 AWS reviews
  • 5 star: 0
  • 4 star: 0
  • 3 star: 0
  • 2 star: 0
  • 1 star: 0

External reviews

57 reviews
from G2

External reviews are not included in the AWS star rating for the product.


    Prateek J.

StackHawk: A great DAST tool to ensure API Security

  • July 08, 2023
  • Review verified by G2

What do you like best about the product?
1. It's a complete DAST and runtime security tool that can test any web application
2. Easy to integrate with almost all the major CI tools for automated testing
3. Dashboard provides almost all the necessary information with resolutions of findings
4. Quality support team
What do you dislike about the product?
1. Pricing is a bit high for small and medium businesses
2. You will find some false positives in the scan report
What problems is the product solving and how is that benefiting you?
We have multiple web applications built and hosted on various different platforms. This leads us to the problem of managing the API and runtime security of the application. StackHawk helps us in scanning all those applications with detailed reports and resolutions.


    MRIDUL N.

Quick Scan

  • June 23, 2023
  • Review verified by G2

What do you like best about the product?
I like that it is fast and dynamic, and I can also automate things.
What do you dislike about the product?
Troubleshooting network-related issues is a hectic process.
What problems is the product solving and how is that benefiting you?
I use it for my web application scanning. It helps me find bugs in code that improves my application security.


    Ryan R.

Excellent, easy-to-integrate security tools to enhance awareness and provide diagnostics

  • August 01, 2022
  • Review verified by G2

What do you like best about the product?
My team began using Stackhawk a few months ago for just one application that supports a website product. It provides us with potentially overlooked security risks and allows us additional verification data that risks/issues are mitigated as we expect.

1. Easy. Stackhawk provides tooling that is incredibly easy to set up. They provide awesome documentation to start using the CLI. I also recommend the web UI though as the configuration is super straightforward.
2. Informative. The results of Stackhawk security scans are fantastic. The details on risks/items identified are useful, clear, and nicely visualized. The web tool also provides utilities (i.e. copy as cURL) to attempt to reproduce specific test failures or run further diagnoses.
3. Thorough for APIs. Finally, the security scanning tools are exceptional for API-based applications/systems. Especially with a strict typing based architecture like GraphQL, Stackhawk can really provide high value outputs for a relatively tiny setup cost/effort.
What do you dislike about the product?
I wouldn't say I dislike anything provided by Stackhawk at the moment. However, in the relatively contained method that we've used the tool, we have a few recommendations available for consideration.

1. Organization by concern area. The output risk items are nicely tagged. However, it would be valuable to provide tags or areas upfront that customize/modify the type of scan that is executed (i.e. targeting risks for cross-site scripting).
2. Technology-specific or stack-specific scans. Our application is a Ruby on Rails website and Stackhawk currently treats that as a generic web app. This is not a problem but as Stackhawk expands it would be interesting to drill down on high-value tests that are relevant to an application's current architecture.
3. GitHub Security issues. Lastly, since we use GitHub Actions for CI, it would be awesome to see an integration where Stackhawk risks are written straight to the repository's security items. I'm sure this is already possible today and is a matter of time before it becomes built-in.
What problems is the product solving and how is that benefiting you?
Stackhawk helps us be productive by providing security awareness and maintenance on a small team with limited capacity. It improves our efficiency and reduces development costs by providing us solid baseline security monitoring without the cost of spending major development time or having to pay external security groups/pen testers.


    AYROTI D.

Easy to use security bug finder

  • June 03, 2022
  • Review provided by G2

What do you like best about the product?
Stackhawk is a handy tool when it comes to security testing as well as operating. The tool helps me to avoid vulnerable bugs. The UI/UX of Stackhawk is top-notch and has vibrant colours.
What do you dislike about the product?
Stackhawk isn't great when it comes to setup of the software, as it requires a Docker image for running in a CI/CD pipeline, which makes it incompetent for non-containerized applications, and its support team is best.
What problems is the product solving and how is that benefiting you?
We're working on a large codebase and one security vulnerability may cause our organization a huge loss. StackHawk plays a major role by finding security bugs in live coding and suggests how to solve them.
Recommendations to others considering the product:
I would definitely recommend it.


    Computer Software

Attended a workshop at Devops.js

  • March 30, 2022
  • Review provided by G2

What do you like best about the product?
How easy it was to set up, and while I may not need something so complete at the moment it's definitely something I would use with bigger projects.
What do you dislike about the product?
That I wasn't aware of this type of code check before and how much time it could save in the end.
What problems is the product solving and how is that benefiting you?
At the moment I haven't really solved any issue with StackHawk due to my project being quite small, but in a more mature and bigger project, this would solve a lot of issues. I mean having a test that analyzes and tells you some potential to improve your code is amazing.


    Avinash U.

Runtime security with StackHawk

  • March 18, 2022
  • Review verified by G2

What do you like best about the product?
The StackHawk tool has great documentation and is very intuitive to set up for a developer and for a DevOps person. With StackHawk, we can find vulnerabilities in a running environment rather than a static environment, which meant that we are aware of the threats to our application in a live environment. StackHawk has loads of CICD and notification integrations, although a few popular notification channels such as Discord are missing, which are used in most personal projects.
What do you dislike about the product?
StackHawk lacks the feature to set optional integrations for certain applications and environments. All scan results from all applications and environments are sent to all integrations that are enabled. In the Datadog integration, the overall risk level is not sent and it is inconvenient to set up custom parsing rules to calculate the risk level and alert based on that. StackHawk requires a docker image for running tests in CICD, and not all applications are containerized, making this incompatible for non-containerized applications. A JUnit report format would have been an excellent addition to the existing list of JSON and PDF report formats.
What problems is the product solving and how is that benefiting you?
We use StackHawk to find out vulnerabilities of our application when it is running through GitHub actions and through regular CLI checks. The output result is sent to Datadog/Slack. We are able to catch vulnerabilities before the application reaches production through the CICD integration and even monitor our production environment through the CLI.
Recommendations to others considering the product:
StackHawk is heavily dependent on Docker. If your organization does not use Docker for your applications, StackHawk might not be the right fit for DAST.


    Eran K.

It's a great DAST tool that easily integrates into our CI/CD pipeline

  • February 25, 2022
  • Review verified by G2

What do you like best about the product?
Stackhawk does a great job making configuring and running the scan as easy as possible by wrapping everything up to a docker container that can run both locally by developers and on CI.
What do you dislike about the product?
We've had to put in a little effort to get it to work with OAuth authentication, but it's much less work and more straightforward than anything else we tried.
What problems is the product solving and how is that benefiting you?
- SOC2 compliance requires running DAST, and Stackhawk helped us fill that need without a lot of effort.
- Monitors our website for security issues we might have missed during development.


    Sohail G.

Best security bug finder

  • February 23, 2022
  • Review verified by G2

What do you like best about the product?
It quickly finds the bug and supports our team by fixing that security vulnerability. It helps my team with REST and GraphQL API Scanning & Simple Fix Documentations too. It's easy to use.
What do you dislike about the product?
To this date, I haven't found any issues from StackHawk.
What problems is the product solving and how is that benefiting you?
We're working on an application where we get a lot of customers. If any security issue might affect our data, we've fixed the vulnerabilities with StackHawk while it's in the pipeline. We believe in the quote, "Prevention is better than cure".
Recommendations to others considering the product:
Best anti-bug


    Lokesh V.

Perfect Security product for your business needs

  • February 23, 2022
  • Review provided by G2

What do you like best about the product?
As we progress towards the future, modern problems require modern solutions! StackHawk is the perfect go-ahead for your business needs!
What do you dislike about the product?
The frequent updates with new technologies, but it's good to have the updates to keep ourselves protected!
What problems is the product solving and how is that benefiting you?
The frequent updates with new technologies, but it's good to have the updates to keep ourselves protected!


    Evelyn S.

Easy to use

  • February 22, 2022
  • Review verified by G2

What do you like best about the product?
The app is really easy to use and set up. Running scans is pretty simple and it's easy to check out your security issues.
What do you dislike about the product?
Honestly, from using it for a few weeks already, I have nothing I dislike.
What problems is the product solving and how is that benefiting you?
I'm running the scans on my personal app that had lots of security issues.
Recommendations to others considering the product:
Easy to use and set up