It's been two months since this profile received a new review

StackHawk Reviews & Product Details

StackHawk is reimagining AppSec for AI-driven development, where applications are built faster than traditional AppSec tools can keep up. Our AppSec Intelligence Platform combines scalable runtime testing with complete attack surface discovery from source code. We integrate directly into development workflows and provide context-aware remediations to developers, enabling teams to find and fix exploitable vulnerabilities before they reach production. With real-time visibility and centralized program intelligence, AppSec teams can prioritize testing and fixing what matters. Companies like British Airways, ITV, and Norstella trust StackHawk to evaluate application risk, prove program value, and scale testing coverage to match development velocity.

Product Website

Seller

StackHawk

Discussions

StackHawk Community

Languages Supported

English

Overview by

Alexa Sevilla

Pricing

Pricing provided by StackHawk.

Secure

$39.00

1 Code Contributor Per Month

View More Pricing Information

StackHawk Integrations

(12)

Verified by StackHawk

StackHawk Media

Security bug finding details from a scan of your application. Bug details, fix documentation, request/response payloads, and paths where the bug was found.

API discovery and application attack surface mapping from code

StackHawk is the only modern API security testing tool that runs in CI/CD, enabling developers to quickly find and fix security issues before they hit production.

Official Downloads

(2)

edit

Business Benefits of DAST & Shifting Left

G2 reviews are authentic and verified.

Here's how.

Verified User in Information Technology and Services

Small-Business (50 or fewer emp.)

1/26/2022

"Excellent vulnerability scanner tool for REST APIs"

4.5/5

What do you like best about StackHawk?

The tool is straightforward to use and scan the APIs for vulnerabilities very quickly. Provides a docker image which could be directly used Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

Sometimes, all the endpoints from the swagger spec is not recognized Review collected by and hosted on G2.com.

Bart V.

CTO & Co-founder

Small-Business (50 or fewer emp.)

5/13/2021

"Scanning to stay compliant"

5/5

What do you like best about StackHawk?

The setup and scanning process is very straightforward and provides ongoing value to stay compliant with OWASP and the many other CVE's out there. It has already helped us improve security and we're able to learn while using it because of its documentation included in the reporting. On top of all this, it has also helped us with sales and procurement. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

False positives do occur when using Stackhawk but they're very limited. Review collected by and hosted on G2.com.

Recommendations to others considering StackHawk:

If you are using GraphQL in your tech stack then StackHawk should be a no-brainer. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

- Building secure applications and keeping them secure

- Enterprise sales are easier when you are a customer of Stackhawk Review collected by and hosted on G2.com.

Chance H.

COO

Small-Business (50 or fewer emp.)

5/17/2021

"Stackhawk offers a cutting edge DAST tool that integrates the way we need it to"

5/5

What do you like best about StackHawk?

After evaluating several vendors, We chose to use Stackhawk because of how well it integrated with our CI/CD process and that it works really well in containers, whereas most competitors are harder (or impossible) to implement with our configuration. Their team is engaged and responsive. Their solution is modern and easy to use. I'm happy we selected this solution. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

I don't have any complaints about using Stackhawk. Review collected by and hosted on G2.com.

Verified User in Public Policy

Small-Business (50 or fewer emp.)

5/17/2021

"In-depth and invaluable security insight packaged into the best UI you've ever seen"

5/5

What do you like best about StackHawk?

The detailed descriptions of vulnerabilities and linked cheatsheets are incredibly helpful, especially for busy developers that may not have done any work on fixing security bugs. The UI is extremely easy on the eyes and one of the most well designed I've ever seen, the same goes for the UX. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

Besides the CI setup issue we had which I believe was more of a codebase issue than a StackHawk issue (I wasn't involved), there really isn't anything currently in StackHawk that I have an issue with. Review collected by and hosted on G2.com.

Spencer K.

Cyber Security Analyst

Mid-Market (51-1000 emp.)

5/18/2021

"StackHawk Eases My Mind"

5/5

What do you like best about StackHawk?

As a cybersecurity professional, I constantly worry about vulnerabilities in our applications. StackHawk outlines exactly what we need to do to make the application more secure, and I don't have to go about my day worrying about what might be out there without my knowledge. It does all of the scanning that would have previously taken hours, and it does it in a matter of minutes. This leaves more time in my day to focus on other aspects of security. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

I have not found anything to dislike yet. Review collected by and hosted on G2.com.

Glen K.

Senior Product Engineer

Small-Business (50 or fewer emp.)

5/14/2021

"Great Product with even better support."

4/5

What do you like best about StackHawk?

StackHawk has a nice, clean, no-nonsense interface that gets to the point, and gets out of the way. It integrates nicely with our workflow and the customer support and success teams have been great to help us get our product to a better state. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

There is a bit of manual setup required that seems a little non-trivial, but given how modern applications are built I can't see a better way this could be done! Review collected by and hosted on G2.com.

Jason M.

ISEC Advisory Board Member / Course Content Expert

Mid-Market (51-1000 emp.)

5/12/2021

"DevSecOps tool for API and SPA’s dynamic scanning"

4.5/5

What do you like best about StackHawk?

Ease of deployment and speed to delivery. Tooling runs great for local dev as well in the CI. Uses GitOps approach for scanning definitions in CI. Ingesting Swagger/OpenAPI spec for surface scanning. Fast scanning and actionable results. ZAP on steroids with great tooling and developer experience. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

Would like to see smoketesting for CD to make sure basic security controls are in place for prod deploys. Review collected by and hosted on G2.com.

Verified User in Hospitality

Mid-Market (51-1000 emp.)

5/26/2021

"Fast and effective DAST tool"

4.5/5

What do you like best about StackHawk?

StackHawk is an excellent tool built to find vulnerabilities developers typically miss and do not foresee when building applications. The support for both SOAP and REST APIs make it versatile to use for a variety of applications. The scan times are quick and resources are easily customizable in the Docker container. The ability to test against certain technologies using flags is a great plus to speed up scan times as well. The support team's quick turnaround times to resolve troubleshooting problems is a great asset to have when onboarding applications. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

Only supports running in a Docker container, would love to see a .jar extension to attach to applications for faster onboarding when containers are not readily available for use Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

This is the first DAST tool we have adopted and have begun implementing this into our CI/CD workflows. Ultimately we aim to identify all vulnerabilities wherever possible to ensure our ecosystem is safe and secure, and StackHawk is providing great value to our goal. The quick scan times provide an easier integration with the remaining components of our pipelines, and the ability to scan SOAP apps is a must until we're able to retire our legacy apps or convert them to REST APIs. Developers are also able to scan applications from their local workstations to capture vulnerabilities early on and wherever else StackHawk is not yet integrated into our CI/CD pipeline for a particular application. Review collected by and hosted on G2.com.

Verified User in Hospital & Health Care

Mid-Market (51-1000 emp.)

5/20/2021

"Great DAST Scanner that empowers developers"

5/5

What do you like best about StackHawk?

Easy to configure applications, containerized scanning, high-quality API & GraphQL scanning, and unlimited application scanning Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

We are currently working with the StackHawk team to reduce the number of false positives. Since the scanner works off of ZAP, improvements can be made to reduce the number of false positives in the scans. Additionally, recommendations can be improved to include action items relevant to the developer. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

Traditional DAST scanners scan a few assets at a scheduled time and can only find vulnerabilities after they have hit production. StackHawk allows us to empower developers and scan an unlimited number of applications before issues hit production. Additionally, StackHawk offers GraphQL and API scanning capabilities not found with other vendors. Review collected by and hosted on G2.com.

Luis R.

Senior Application Security Engineer

Enterprise (> 1000 emp.)

5/28/2021

"Great Dast for Modern Applications"

4.5/5

What do you like best about StackHawk?

The Stackhawk dashboard is intuitive and functional. I also really appreciate the low level of false positives as well. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

It would be helpful if there were a way to automatically scan APIs without swagger documentation. Review collected by and hosted on G2.com.