
StackHawk

StackHawk, Inc. | 1

Reviews from AWS Marketplace

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

57 reviews
from G2

External reviews are not included in the AWS star rating for the product.


    Ali A.

Awesome DAST scanning

  • February 04, 2022
  • Review verified by G2

What do you like best about the product?
Easy to integrate, unlimited scans and applications allowed in the plan, performs well, dockerized.
What do you dislike about the product?
I wish there were more visibility into the types of rules or inputs that the scanner is using under the hood.
What problems is the product solving and how is that benefiting you?
It's already revealed a few defects in APIs, and is integrated into the SDLC process.


    Brandon B.

Fantastic DAST tool for integrating with your CI/CD pipeline

  • February 04, 2022
  • Review verified by G2

What do you like best about the product?
The SaaS platform makes this product easy and fast to implement and aggregate findings to make it extremely easy to view and validate findings. The ability to seamlessly run a scan that is hosted locally in docker that will give you the same results as a deployed resource. This gives developers the ability to run their scans before ever committing code.
What do you dislike about the product?
The scanner lacks fine-grained customization into the underlying ZAP scanner. The configurations could expose more of the underlying functionality to customize scans better.
What problems is the product solving and how is that benefiting you?
We can now run DAST inside of our pipeline. This saves us time and gives us peace of mind.


    Information Technology and Services

StackHawk is a strong DAST product for companies that care about their application security programs

  • February 03, 2022
  • Review verified by G2

What do you like best about the product?
-Very strong CI/CD integration
-Augmented security detections to ZAP
-A slick, fast UI
-Supportive staff when we have questions
What do you dislike about the product?
-Needs more augmented detection to discover real risks
-Needs ability for custom detections/plugins
-More customization on findings and options for suppression
-Faster scans!
What problems is the product solving and how is that benefiting you?
-Finding "real" problems through run-time scans
-CI/CD integration for low/no touch scans for developers


    Computer Software

My encounter with StackHawk

  • February 03, 2022
  • Review provided by G2

What do you like best about the product?
The integration with my application was seamless. I just had to deploy a docker and run it, and the stat scanner reported the vulnerabilities almost instantly.
What do you dislike about the product?
StackHawk can improve the description of the vulnerabilities slightly to debug the issue faster. StackHawk can give more examples for fixing security issues reported.
What problems is the product solving and how is that benefiting you?
I am trying to find security flaws in my application using StackHawk so that when I go into deployment, I don't get hacked. StackHawk benefitted me immensely by making the process seamless.
Recommendations to others considering the product:
Go ahead and use this product to get your applications tested for security vulnerabilities. Using StackHawk saves a lot of time and effort.


    Information Technology and Services

Excellent vulnerability scanner tool for REST APIs

  • January 26, 2022
  • Review provided by G2

What do you like best about the product?
The tool is straightforward to use and scans the APIs for vulnerabilities very quickly. Provides a Docker image which could be directly used.
What do you dislike about the product?
Sometimes, all the endpoints from the swagger spec are not recognized.
What problems is the product solving and how is that benefiting you?
The main benefit is to scan the application for vulnerabilities quickly and helps in taking quick resolutions.
Recommendations to others considering the product:
It is an excellent tool to scan your application for security vulnerabilities.


    Victor P.

Greatly helped in securing my side project; better than most other tools with a free tier

  • September 22, 2021
  • Review verified by G2

What do you like best about the product?
1. Comprehensive insights - Within an hour after doing the initial setup, I had actionable suggestions for issues I probably wouldn't have discovered otherwise. Most notably, it managed to identify cases in which my code would misbehave against hostile input, despite the fact that the code seemed perfectly fine from a logical point of view; the actual culprit was likely a mix of software versions and library dependencies, but this insight allowed me to develop a secure workaround.

It also had many other suggestions, which were very much welcome, and I feel a lot more confident that I've done right by my users after enacting those changes.

2. Insights are easy to replicate - the request and response are detailed for each call, so you can verify them yourself.

3. A final plus worth noting is that it's easy to integrate with your CI/CD pipeline on most of the popular repository hosting sites. It's also highly configurable - you can decide how long you want the scanner to run for in total and for each individual rule it checks against as well. This makes it easier to sustain, as you might want lighter checks if you run it often.
What do you dislike about the product?
The setup isn't the easiest compared to some competitors. You do have to download a Docker image and run the scanner, or integrate it into your CI/CD pipeline. However, this is a minor nitpick and I was up and running in less than 20 minutes.
What problems is the product solving and how is that benefiting you?
I needed a security tool that could automate the security audit/pentest process, but the project I wanted to use it for was small and didn't have a budget available.

After trying a few free tools, many of which gave me suggestions that were very low-risk or already addressed, or locked their better recommendations behind a paywall, I decided to try StackHawk.

I was very impressed with the results, as mentioned above. StackHawk helped me secure my project, and the generous offering on the free tier was perfect for my needs. I would happily recommend trying it to anyone looking to improve the security of their projects, and I especially praise them for offering such an excellent service on the free tier.


    Natty Z.

Very happy user, even happier customer!

  • May 30, 2021
  • Review provided by G2

What do you like best about the product?
Ease of use + robust integrations = wow!
What do you dislike about the product?
Still developing a few nice-to-have features, but nothing that is preventing me from significant usage.
What problems is the product solving and how is that benefiting you?
Love helping developers learn and own application security. Helps CISO job and makes for a more resilient and reliable code stack.


    Luis R.

Great DAST for Modern Applications

  • May 29, 2021
  • Review verified by G2

What do you like best about the product?
The StackHawk dashboard is intuitive and functional. I also really appreciate the low level of false positives as well.
What do you dislike about the product?
It would be helpful if there were a way to automatically scan APIs without swagger documentation.
What problems is the product solving and how is that benefiting you?
StackHawk is allowing us to shift left security vulnerability patching. We can scan at commit time and allow developers to fix bugs before they are checked into version control.


    Hospitality

Fast and effective DAST tool

  • May 26, 2021
  • Review provided by G2

What do you like best about the product?
StackHawk is an excellent tool built to find vulnerabilities developers typically miss and do not foresee when building applications. The support for both SOAP and REST APIs makes it versatile to use for a variety of applications. The scan times are quick and resources are easily customizable in the Docker container. The ability to test against certain technologies using flags is a great plus to speed up scan times as well. The support team's quick turnaround times to resolve troubleshooting problems are a great asset to have when onboarding applications.
What do you dislike about the product?
Only supports running in a Docker container, would love to see a .jar extension to attach to applications for faster onboarding when containers are not readily available for use.
What problems is the product solving and how is that benefiting you?
This is the first DAST tool we have adopted and have begun implementing this into our CI/CD workflows. Ultimately we aim to identify all vulnerabilities wherever possible to ensure our ecosystem is safe and secure, and StackHawk is providing great value to our goal. The quick scan times provide an easier integration with the remaining components of our pipelines, and the ability to scan SOAP apps is a must until we're able to retire our legacy apps or convert them to REST APIs. Developers are also able to scan applications from their local workstations to capture vulnerabilities early on and wherever else StackHawk is not yet integrated into our CI/CD pipeline for a particular application.


    Christopher D.

Awesome security automation with GraphQL support

  • May 24, 2021
  • Review verified by G2

What do you like best about the product?
We've had nothing but a great experience working with the StackHawk team and their security automation tool. Our team operates in a continuous delivery environment, with several concurrent branches and environments at any given time. We release code several times per day, and StackHawk is able to provide us real-time scans of all of our branches, environments, and production deploys without any additional developer effort beyond initial setup.
What do you dislike about the product?
We had some initial issues with getting the scans to work with our GraphQL endpoints, but we were able to work closely with the StackHawk team, and this has since become a non-issue. I'm not aware of many other dynamic security testing providers that have such robust GraphQL support. Kudos to the StackHawk team for leaning in and delivering an excellent solution for GraphQL security testing.
What problems is the product solving and how is that benefiting you?
Automated dynamic security testing helps us build a more secure platform, as well as gives our customers confidence that we take security seriously and partner with the best providers.
Recommendations to others considering the product:
Set up a shared Slack channel, and you will receive answers to your questions blazingly fast!