StackHawk Reviews & Product Details

The tool is straightforward to use and scan the APIs for vulnerabilities very quickly. Provides a docker image which could be directly used Review collected by and hosted on G2.com.

Sometimes, all the endpoints from the swagger spec is not recognized Review collected by and hosted on G2.com.

The setup and scanning process is very straightforward and provides ongoing value to stay compliant with OWASP and the many other CVE's out there. It has already helped us improve security and we're able to learn while using it because of its documentation included in the reporting. On top of all this, it has also helped us with sales and procurement. Review collected by and hosted on G2.com.

False positives do occur when using Stackhawk but they're very limited. Review collected by and hosted on G2.com.

After evaluating several vendors, We chose to use Stackhawk because of how well it integrated with our CI/CD process and that it works really well in containers, whereas most competitors are harder (or impossible) to implement with our configuration. Their team is engaged and responsive. Their solution is modern and easy to use. I'm happy we selected this solution. Review collected by and hosted on G2.com.

I don't have any complaints about using Stackhawk. Review collected by and hosted on G2.com.

The detailed descriptions of vulnerabilities and linked cheatsheets are incredibly helpful, especially for busy developers that may not have done any work on fixing security bugs. The UI is extremely easy on the eyes and one of the most well designed I've ever seen, the same goes for the UX. Review collected by and hosted on G2.com.

Besides the CI setup issue we had which I believe was more of a codebase issue than a StackHawk issue (I wasn't involved), there really isn't anything currently in StackHawk that I have an issue with. Review collected by and hosted on G2.com.

As a cybersecurity professional, I constantly worry about vulnerabilities in our applications. StackHawk outlines exactly what we need to do to make the application more secure, and I don't have to go about my day worrying about what might be out there without my knowledge. It does all of the scanning that would have previously taken hours, and it does it in a matter of minutes. This leaves more time in my day to focus on other aspects of security. Review collected by and hosted on G2.com.

I have not found anything to dislike yet. Review collected by and hosted on G2.com.

StackHawk has a nice, clean, no-nonsense interface that gets to the point, and gets out of the way. It integrates nicely with our workflow and the customer support and success teams have been great to help us get our product to a better state. Review collected by and hosted on G2.com.

There is a bit of manual setup required that seems a little non-trivial, but given how modern applications are built I can't see a better way this could be done! Review collected by and hosted on G2.com.

Ease of deployment and speed to delivery. Tooling runs great for local dev as well in the CI. Uses GitOps approach for scanning definitions in CI. Ingesting Swagger/OpenAPI spec for surface scanning. Fast scanning and actionable results. ZAP on steroids with great tooling and developer experience. Review collected by and hosted on G2.com.

Would like to see smoketesting for CD to make sure basic security controls are in place for prod deploys. Review collected by and hosted on G2.com.

StackHawk is an excellent tool built to find vulnerabilities developers typically miss and do not foresee when building applications. The support for both SOAP and REST APIs make it versatile to use for a variety of applications. The scan times are quick and resources are easily customizable in the Docker container. The ability to test against certain technologies using flags is a great plus to speed up scan times as well. The support team's quick turnaround times to resolve troubleshooting problems is a great asset to have when onboarding applications. Review collected by and hosted on G2.com.

Only supports running in a Docker container, would love to see a .jar extension to attach to applications for faster onboarding when containers are not readily available for use Review collected by and hosted on G2.com.

Easy to configure applications, containerized scanning, high-quality API & GraphQL scanning, and unlimited application scanning Review collected by and hosted on G2.com.

We are currently working with the StackHawk team to reduce the number of false positives. Since the scanner works off of ZAP, improvements can be made to reduce the number of false positives in the scans. Additionally, recommendations can be improved to include action items relevant to the developer. Review collected by and hosted on G2.com.

The Stackhawk dashboard is intuitive and functional. I also really appreciate the low level of false positives as well. Review collected by and hosted on G2.com.

It would be helpful if there were a way to automatically scan APIs without swagger documentation. Review collected by and hosted on G2.com.