68 StackHawk Reviews
We have recently partnered with StackHawk for dynamic security code scanning and the product has been fantastic. StackHawk has many methods for performing code scanning tests which have been helpful for our development team. But I want to mention that perhaps the greatest thing about StackHawk has been their employees and the support they provide. (Most big software manufacturers sort of drop you off the deep end of the pool and disappear.) I will say that the customer on-boarding we had from StackHawk and their professionals was one of the best I've seen in my long career. They have a bunch of experts who are friendly and will assist you in getting the tools set up, explaining all of the features and options, and there to assist when you need help. I'd like to extend my genuine thanks to all at StackHawk for making our security program better and being a great partner. Review collected by and hosted on G2.com.
I do not have any dislikes regarding StackHawk. Review collected by and hosted on G2.com.
Stachawk efficiently performed a comprehensive security assessment, identifying potential issues such as SQL injection, XSS, and security misconfigurations. The detailed reports provided clear insights into each vulnerability, along with recommendations for remediation.
Another key feature was its ability to adapt to different environments, making it a versatile solution for both black-box and white-box testing scenarios. Review collected by and hosted on G2.com.
A learning path should be added to help users maximize the potential of Stachawk. While the tool is powerful and intuitive, a structured learning path would provide step-by-step guidance on configuring scans, interpreting results, and implementing security best practices. Review collected by and hosted on G2.com.
Stackhawks people are my favorite part. Always updating and having a feel like they are an extension of my company always makes for a great vibe.
The scanning platform is fast. Default settings for scans, done via yaml markup, run great though they allow me to customize runners and spec for the container which runs said scan. Tuning this can make my scans greatly faster.
It's true integration to my CI, of which I use GitHub actions, and now with shift left knowing about vulnerabilities earlier in the process has kept us with a clean setup that no longer adds tech debt to our process.
The support is phenominal. The web chat is responsive, but they also helped make a Slack channel integration with our team to communicate updates and work through specific features. Review collected by and hosted on G2.com.
The only downside I can think of is when using Jenkins the containers it pulls down and reporting it does for a scan soaks up a bunch of disk on my Jenkins nodes and I end up having to do docker cleanup. Review collected by and hosted on G2.com.
The dev team found it fairl simple to get their codebase/apps (Python, BitBucket, Jenkins, Jira) integrated... we had a volunteer who went through the process & provide steps so the rest could cookie-cutter it. Review collected by and hosted on G2.com.
I am not a coder - I'm on the InfoSec side of the house. So my take about SH relates to the admin portal & reporting... both of which of very good. It was easy to invite devs to the portal & the reports provide info that I use to relay for compliance/security work. Review collected by and hosted on G2.com.
The onboarding of application.
Vendor customer support.
API files scanning.
Easy to use and implementation and DevSecOps CI/CD integration
The dashboard results...
Attack Surface utilization... etc., Review collected by and hosted on G2.com.
To onboard each application why should we have to involve each application POC to write their extra files to configure into the system. Here its lagging time to pass KT to each application POC to come up with their config Yaml file. Review collected by and hosted on G2.com.
You can setup any type of authenticated scans due to its YAML configuration setup.
It is possible to run internal scans since it only needs the binary to run it.
Customer support has been great so far, they are always on and ready to answer any question, even their bot helps a lot.
The integration they have with Snyk makes it great when it comes to deeper analysis. Review collected by and hosted on G2.com.
They need more reporting capabilities, more dashboard views to showcase the progress of vulnerabilities remediation.
Some customization of scan policies would be neat, the current way to apply policies for scans is very manual. Review collected by and hosted on G2.com.
StackHawk is an efficient and developer-friendly tool for application security testing. One of its standout features is the easy integration with CI/CD pipelines, making it straightforward to incorporate into existing development workflows. Additionally, the scan times are quick, allowing teams to identify and address security vulnerabilities without significant delays to deployment. Review collected by and hosted on G2.com.
if would be great if you guys provide score card & PDF report on email so that we can easily share with other prople higher managment Review collected by and hosted on G2.com.
Central management platform - StackHawk's SaaS management platform significantly simplifies the management of our applications. It provides an intuitive workflow for issue triage and remediation, making it easier for our team to identify, prioritize, and address security vulnerabilities efficiently.
Container-first orientation - the container-first approach of StackHawk's scanners provides unparalleled flexibility and ease of integration within our workflows. Given our unique requirements and constraints, this architecture enables us to build custom scanning workflows easily with our own scaffolding with more powerful configuration than any other DAST scanner we've tested. This flexibility not only meets our current needs but also positions us well for future integration with developer-centric processes.
Customer support - StackHawk's customer success team has been exceptional in guiding us towards effective use of their product. They keep us engaged with regular updates and news, and they are incredibly responsive to our questions, feature requests, and bug reports. Their proactive support has been instrumental in maximizing the value we derive from StackHawk.
Engaging brand identity - on a personal note, I greatly appreciate StackHawk's creative bird-themed branding. Their attention to detail in maintaining a cohesive and engaging brand identity, even in their internal libraries, adds a touch of personality and fun to our interactions with the tool. Review collected by and hosted on G2.com.
The most difficult part of working with StackHawk is the code-oriented nature of scripting, especially for application authentication. Many scanners use passive proxy mechanisms to capture authentication traffic, which makes it easy to get up and running rapidly with authenticated scanning. StackHawk does not offer this, opting instead for more powerful customization via their scripting engine. This may not be for everyone. Review collected by and hosted on G2.com.
Its configurable nature and diverse integration option. And the very supportive customer support team who value the feedback and make sure changes are reflected in upcoming releases. Review collected by and hosted on G2.com.
The limitation of being able to use with only internet accessible surface and limitation on on-prem usage. Additionally, lack of granular roles to avoid accendential deletion of scan and scan result by a unaware user. Review collected by and hosted on G2.com.
