# StackHawk Reviews
**Vendor:** StackHawk  
**Category:** [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast)  
**Average Rating:** 4.6/5.0  
**Total Reviews:** 68
## About StackHawk
StackHawk is reimagining AppSec for AI-driven development, where applications are built faster than traditional AppSec tools can keep up. Our AppSec Intelligence Platform combines scalable runtime testing with complete attack surface discovery from source code. We integrate directly into development workflows and provide context-aware remediations to developers, enabling teams to find and fix exploitable vulnerabilities before they reach production. With real-time visibility and centralized program intelligence, AppSec teams can prioritize testing and fixing what matters. Companies like British Airways, ITV, and Norstella trust StackHawk to evaluate application risk, prove program value, and scale testing coverage to match development velocity.



## StackHawk Pros & Cons
**What users like:**

- Users appreciate the **easy integrations** with CI tools, simplifying the setup of automated security scans. (10 reviews)
- Users praise the **excellent customer support** of StackHawk, always ready to assist with any inquiries. (9 reviews)
- Users find StackHawk's **ease of use** boosts productivity, thanks to its straightforward interface and helpful support. (9 reviews)
- Users value the **seamless integrations** with tools like Snyk, enhancing their automated testing and security processes. (7 reviews)
- Users commend StackHawk for its **impressive scanning efficiency**, enabling fast identification of vulnerabilities and seamless CI/CD integration. (5 reviews)
- Users commend StackHawk for its **automated scanning**, enabling quick and efficient identification of security vulnerabilities. (4 reviews)
- Easy Setup (4 reviews)
- Integration Capabilities (4 reviews)
- Security (4 reviews)
- Setup Ease (4 reviews)

**What users dislike:**

- Users find the **setup complexity** frustrating, with a steep learning curve and tedious configuration requirements for each application. (5 reviews)
- Users find the **complex setup** of StackHawk frustrating due to cumbersome YAML configurations and a steep learning curve. (4 reviews)
- Users find the **high learning curve** of StackHawk challenging due to its complex scripting and setup requirements. (3 reviews)
- Users note the **lack of features** in StackHawk, particularly for API collections and vulnerability management. (3 reviews)
- Users note the **limited scope** of StackHawk, restricting its usage and functionality for comprehensive security needs. (3 reviews)
- Authentication Issues (2 reviews)
- Difficult Customization (2 reviews)
- False Positives (2 reviews)
- Inadequate Remediation (2 reviews)
- Users find **inadequate reporting** frustrating, wishing for better dashboards and automated sharing of vulnerability progress. (2 reviews)

## StackHawk Reviews
  ### 1. A Game-Changer for DevSecOps

**Rating:** 5.0/5.0 stars

**Reviewed by:** Todd L. | Senior Site Reliability Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** November 09, 2023

**What do you like best about StackHawk?**

I appreciate StackHawk for its comprehensive documentation, which is incredibly helpful for passing on to developers, ensuring everyone shares responsibility in writing scans. The speed and configurability of StackHawk's scanning capabilities are impressive; I can fine-tune the balance between cost and effective scan speed to suit our needs. StackHawk embodies a shift-left mentality, allowing us to identify issues earlier in the development cycle, thereby reducing technical debt and enhancing application security. The product is rich in features, and the support from the StackHawk team ensures the success of using the product. The scanning speed, previously a challenge with Tenable Nessus, has drastically improved since switching to StackHawk, especially with its configuration-as-code approach as opposed to a traditional web interface. Additionally, the initial setup was very quick and simple, making it easy to get started and integrate seamlessly with our existing tools like GitHub CodeQL and Jira for handling findings.

**What do you dislike about StackHawk?**

The only improvement would be additional automation integration with results associating with a release.

**What problems is StackHawk solving and how is that benefiting you?**

I use StackHawk for DAST and API scans, providing early pen testing results. It helps our team become aware of issues earlier, leading to less tech debt and better security. The fast, tunable scans and effective documentation enhance developer collaboration.

  ### 2. StackHawk is a great DAST security tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** David M. | Director of Security, Mid-Market (51-1000 emp.)

**Reviewed Date:** January 23, 2025

**What do you like best about StackHawk?**

We have recently partnered with StackHawk for dynamic security code scanning and the product has been fantastic. StackHawk has many methods for performing code scanning tests which have been helpful for our development team. But I want to mention that perhaps the greatest thing about StackHawk has been their employees and the support they provide. (Most big software manufacturers sort of drop you off the deep end of the pool and disappear.) I will say that the customer on-boarding we had from StackHawk and their professionals was one of the best I've seen in my long career. They have a bunch of experts who are friendly and will assist you in getting the tools set up, explaining all of the features and options, and there to assist when you need help. I'd like to extend my genuine thanks to all at StackHawk for making our security program better and being a great partner.

**What do you dislike about StackHawk?**

I do not have any dislikes regarding StackHawk.

**What problems is StackHawk solving and how is that benefiting you?**

We had been using tools from larger software vendors, but they were becoming less effective and their value was declining over time (compared to the ever increasing costs). We looked around this crowded vendor space and reviewed several solutions for code scanning, API scanning, etc. We found that StackHawk was quite easy to set up and integrate. We also found that their staff and support were top notch.

  ### 3. StackHawk efficiently processed the data, providing insightful analytics and reports.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Higher Education | Small-Business (50 or fewer emp.)

**Reviewed Date:** April 03, 2025

**What do you like best about StackHawk?**

StackHawk efficiently performed a comprehensive security assessment, identifying potential issues such as SQL injection, XSS, and security misconfigurations. The detailed reports provided clear insights into each vulnerability, along with recommendations for remediation.

Another key feature was its ability to adapt to different environments, making it a versatile solution for both black-box and white-box testing scenarios.

**What do you dislike about StackHawk?**

A learning path should be added to help users maximize the potential of StackHawk. While the tool is powerful and intuitive, a structured learning path would provide step-by-step guidance on configuring scans, interpreting results, and implementing security best practices.

**What problems is StackHawk solving and how is that benefiting you?**

StackHawk addresses the need for a DAST scanner that supports ethical hacking, enables early vulnerability detection, and enhances secure development practices. By automating security assessments, it allows cybersecurity professionals and development teams to identify weaknesses in web applications before they can be exploited. Its capabilities facilitate proactive security testing, helping organizations integrate security into their SDLC (Software Development Life Cycle) and adopt a shift-left approach. With StackHawk, teams can strengthen their security posture while ensuring compliance with industry standards and best practices.

  ### 4. DEV's Found It Easy To Integrate. INFOSEC Gets The DevSecOps View/Reporting

**Rating:** 4.0/5.0 stars

**Reviewed by:** Michael O. | Director of Security, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 28, 2024

**What do you like best about StackHawk?**

The dev team found it fairly simple to get their codebase/apps (Python, BitBucket, Jenkins, Jira) integrated... we had a volunteer who went through the process & provided steps so the rest could cookie-cutter it.

**What do you dislike about StackHawk?**

I am not a coder - I'm on the InfoSec side of the house. So my take about SH relates to the admin portal & reporting... both of which are very good. It was easy to invite devs to the portal & the reports provide info that I use to relay for compliance/security work.

**What problems is StackHawk solving and how is that benefiting you?**

It does a few things for us:

1. Adds a DAST function that automates discovery of vulns. Previously done by humans - not ideal.
2. Helps us to create a DevSecOps culture. We are pairing this with Snyk to have a soup-to-nuts CI/CD analysis.
3. Both 1&2 help us meet GRC requirements. Code-development has become a focus for more than a few compliance/privacy rules.

  ### 5. Working with Stack Hawk experience...

**Rating:** 4.5/5.0 stars

**Reviewed by:** Ramgopal K. | Sr Security Consultant, SME & Tool Admin, Enterprise (> 1000 emp.)

**Reviewed Date:** December 16, 2024

**What do you like best about StackHawk?**

The onboarding of application.
Vendor customer support.
API files scanning.
Easy to use and implementation and DevSecOps CI/CD integration
The dashboard results...
Attack Surface utilization... etc.,

**What do you dislike about StackHawk?**

To onboard each application, why should we have to involve each application POC to write their extra files to configure into the system? Here it's lagging time to pass KT to each application POC to come up with their config YAML file.

**What problems is StackHawk solving and how is that benefiting you?**

As of now we have onboarded few of our client applications to the Stack Hawk and seeing good results and using those results to implement more security with the help of Dev Teams to remediate the security vulnerabilities.

  ### 6. Amazing automatable DAST tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Alejandro F. | Sr Application Security Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** September 17, 2024

**What do you like best about StackHawk?**

You can set up any type of authenticated scans due to its YAML configuration setup.
It is possible to run internal scans since it only needs the binary to run it.
Customer support has been great so far, they are always on and ready to answer any question, even their bot helps a lot.
The integration they have with Snyk makes it great when it comes to deeper analysis.

**What do you dislike about StackHawk?**

They need more reporting capabilities, more dashboard views to showcase the progress of vulnerabilities remediation.
Some customization of scan policies would be neat, the current way to apply policies for scans is very manual.

**What problems is StackHawk solving and how is that benefiting you?**

I can automate the security part of testing an application when it is deployed instead of having to do a manual pentest every single time.

  ### 7. A Fast, Developer-Friendly Security Solution with Clear Remediation Guidance

**Rating:** 5.0/5.0 stars

**Reviewed by:** Bonam B. | Senior Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** November 11, 2024

**What do you like best about StackHawk?**

StackHawk is an efficient and developer-friendly tool for application security testing. One of its standout features is the easy integration with CI/CD pipelines, making it straightforward to incorporate into existing development workflows. Additionally, the scan times are quick, allowing teams to identify and address security vulnerabilities without significant delays to deployment.

**What do you dislike about StackHawk?**

It would be great if you guys provide score card & PDF report on email so that we can easily share with other people higher management

**What problems is StackHawk solving and how is that benefiting you?**

Mainly it highlights the security flaws and outdated software recommendations

  ### 8. Fantastic DAST product for the container world

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 15, 2024

**What do you like best about StackHawk?**

Central management platform - StackHawk's SaaS management platform significantly simplifies the management of our applications. It provides an intuitive workflow for issue triage and remediation, making it easier for our team to identify, prioritize, and address security vulnerabilities efficiently.

Container-first orientation - the container-first approach of StackHawk's scanners provides unparalleled flexibility and ease of integration within our workflows. Given our unique requirements and constraints, this architecture enables us to build custom scanning workflows easily with our own scaffolding with more powerful configuration than any other DAST scanner we've tested. This flexibility not only meets our current needs but also positions us well for future integration with developer-centric processes.

Customer support - StackHawk's customer success team has been exceptional in guiding us towards effective use of their product. They keep us engaged with regular updates and news, and they are incredibly responsive to our questions, feature requests, and bug reports. Their proactive support has been instrumental in maximizing the value we derive from StackHawk.

Engaging brand identity - on a personal note, I greatly appreciate StackHawk's creative bird-themed branding. Their attention to detail in maintaining a cohesive and engaging brand identity, even in their internal libraries, adds a touch of personality and fun to our interactions with the tool.

**What do you dislike about StackHawk?**

The most difficult part of working with StackHawk is the code-oriented nature of scripting, especially for application authentication. Many scanners use passive proxy mechanisms to capture authentication traffic, which makes it easy to get up and running rapidly with authenticated scanning. StackHawk does not offer this, opting instead for more powerful customization via their scripting engine. This may not be for everyone.

**What problems is StackHawk solving and how is that benefiting you?**

We were able to meet our compliance requirements using other tooling, but StackHawk enabled us to implement headless, authenticated DAST in a fully-automated fashion so we no longer have to spend the time to execute scans manually. This was the main problem that drove us to StackHawk in the first place - but with some creativity, we are now planning for what we call the "ultimate shift left" for DAST, putting DAST directly in the hands of developers, in a controlled fashion. The automation, and subsequently putting the tool in the hands of developers, allows us to scale the application security program beyond just the application security team so that we achieve the coverage that we need.

  ### 9. StackHawk - An upcoming DAST solution

**Rating:** 4.0/5.0 stars

**Reviewed by:** Shivani Santosh K. | Associate Security Specialist, Mid-Market (51-1000 emp.)

**Reviewed Date:** November 21, 2024

**What do you like best about StackHawk?**

Its configurable nature and diverse integration option. And the very supportive customer support team who value the feedback and make sure changes are reflected in upcoming releases.

**What do you dislike about StackHawk?**

The limitation of being able to use with only internet accessible surface and limitation on on-prem usage. Additionally, lack of granular roles to avoid accidental deletion of scan and scan result by an unaware user.

**What problems is StackHawk solving and how is that benefiting you?**

Helping us streamline our secure development initiative

  ### 10. Excellent customer service

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Banking | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 23, 2024

**What do you like best about StackHawk?**

The StackHawk team achieves what seems impossible.

**What do you dislike about StackHawk?**

The path was not very clear as we embarked on the beginning of our journey.

**What problems is StackHawk solving and how is that benefiting you?**

We want to address all the security weaknesses in our microservices, and StackHawk has allowed us to gain visibility into issues that we cannot test in other quality gates.

  ### 11. StackHawk Review

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Restaurants | Mid-Market (51-1000 emp.)

**Reviewed Date:** January 10, 2025

**What do you like best about StackHawk?**

I like the ability to configure the YAML file centrally. I like the integrations that are available as well.

**What do you dislike about StackHawk?**

The configs of the YAML file and authenticated scans can be frustrating.

**What problems is StackHawk solving and how is that benefiting you?**

Scan apps pushed to staging in the pipeline

  ### 12. Review

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** February 18, 2025

**What do you like best about StackHawk?**

Its scanning capabilities and easy integration into our CI/CD pipelines

**What do you dislike about StackHawk?**

Simplified documentation for the yml specs. I have to search all over and go through a ton of trial and error when it comes time to set up configurations for StackHawk.

**What problems is StackHawk solving and how is that benefiting you?**

We needed DAST and it provides that to us

  ### 13. Positive product experience with helpful resources.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 01, 2024

**What do you like best about StackHawk?**

It's very fast to setup and get integrated. It has great configuration support and additional options.

**What do you dislike about StackHawk?**

A downside to StackHawk is its inability to create API endpoint collections automatically. At the time of this review it is not a function, or at least a public one.

**What problems is StackHawk solving and how is that benefiting you?**

StackHawk helps us identify vulnerabilities in API services and code - closer to the developer and less removed.

  ### 14. The team has been very helpful with the onboarding process.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Government Relations | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 13, 2024

**What do you like best about StackHawk?**

I managed to get most things working very quickly.

**What do you dislike about StackHawk?**

I am trying to solve one issue: excluding the path /actuator from the scans. I have followed the docs and used the AI bot, but because I am in NZ, it is difficult to make contact with a real person due to timezone differences.

**What problems is StackHawk solving and how is that benefiting you?**

Soc2 DAST compliance

  ### 15. Great SaaS-first DAST product

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Insurance | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 08, 2023

**What do you like best about StackHawk?**

StackHawk was built with a SaaS first mindset, unlike many of the competing products in the space, which made it a perfect fit for our needs. It has just the right number of features and does what it does very well.

We've been able to automate much of our interaction with the product through the robust APIs provided out of the box. Integrations are easy and straight forward. As a result, we're able to scan our products for vulnerabilities on every build as well as via continuous scanning from our CI/CD tooling.

I love the Slack-based customer support. As an early customer, we've been able to participate in beta and even pre-release design and have a great relationship with the StackHawk team.

**What do you dislike about StackHawk?**

We've struggled with some of our larger APIs not completing scans in a timely manner. The StackHawk support team has been great about helping us solve for it.

**What problems is StackHawk solving and how is that benefiting you?**

We've shifted our security to the left and StackHawk helped us do that in an easy, automated way. We're able to scan our internet-facing solutions early and often to ensure we're not introducing vulnerabilities in our products.

  ### 16. StackHawk: A great DAST tool to ensure API Security

**Rating:** 4.5/5.0 stars

**Reviewed by:** Prateek J. | DevSecOps Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 08, 2023

**What do you like best about StackHawk?**

1. It's a complete DAST and runtime security tool that can test any web application
2. Easy to integrate with almost all the major CI tools for automated testing
3. Dashboard provides almost all the necessary information with resolutions of findings
4. Quality support team

**What do you dislike about StackHawk?**

1. Pricing is a bit high for small and medium businesses
2. You will find some false positives in the scan report

**What problems is StackHawk solving and how is that benefiting you?**

We have multiple web applications built and hosted on various different platforms. This leads us to the problem of managing the API and runtime security of the application. StackHawk helps us in scanning all those applications with detailed reports and resolutions.

  ### 17. Overall a decent front end to ZAP scanning

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** November 08, 2023

**What do you like best about StackHawk?**

Relatively easy to use once initial setup is done. Easy to add in automation. Decent interface. Customer support was very helpful.

**What do you dislike about StackHawk?**

Not quite intuitive setup, so a bit of a learning curve. Hard to manage vulnerabilities from a perspective of seeing how to manually reproduce and also to mark as false positive. No ability to mark application types and have custom severity on certain vulns based on that. E.g. XSS in website is more serious than in a JSON API.

**What problems is StackHawk solving and how is that benefiting you?**

We needed to scan our APIs daily to pick up any low hanging fruit and make sure it gets remediated immediately

  ### 18. StackHawk - A wonderful security testing tool

**Rating:** 4.5/5.0 stars

**Reviewed by:** Sunil B. | Salesforce Architect, Computer Software, Enterprise (> 1000 emp.)

**Reviewed Date:** August 08, 2023

**What do you like best about StackHawk?**

StackHawk is a wonderful security testing tool. It is easy to use and nice User interface.

**What do you dislike about StackHawk?**

I have not got any issues from StackHawk to this date.

**What problems is StackHawk solving and how is that benefiting you?**

StackHawk is solving our several problems and it is benefiting us a lot at this time. We fixed several vulnerabilities with stackhawk if any security issue affect our data.

  ### 19. Stackhawk has been a great tool to implement inside of our CI/CD pipeline for DAST scanning.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Lake S. | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 08, 2023

**What do you like best about StackHawk?**

The flexibility of deployment is great when deploying rapidly.

**What do you dislike about StackHawk?**

There is not much training offered to get started with the tool.

**What problems is StackHawk solving and how is that benefiting you?**

It is solving our need to actively scan our in house developed applications and microservices.

  ### 20. Quick Scan

**Rating:** 4.0/5.0 stars

**Reviewed by:** MRIDUL N. | Individual contributor, Higher Education, Small-Business (50 or fewer emp.)

**Reviewed Date:** June 23, 2023

**What do you like best about StackHawk?**

I like that it is fast and dynamic, and I can also automate things.

**What do you dislike about StackHawk?**

Troubleshooting network-related issues is a hectic process

**What problems is StackHawk solving and how is that benefiting you?**

I use it for my web application scanning. It helps me find bugs in code that improves my application security.

  ### 21. Amazing

**Rating:** 5.0/5.0 stars

**Reviewed by:** Annmarie G. | UNDWC Website Developer, Enterprise (> 1000 emp.)

**Reviewed Date:** August 03, 2023

**What do you like best about StackHawk?**

StackHawk is a super effective product for the company. It saves us money AND makes our processes more efficient.

**What do you dislike about StackHawk?**

Nothing. I love StackHawk and what it does.

**What problems is StackHawk solving and how is that benefiting you?**

StackHawk helps us with API Security.

**Official Response from Nicole Jones:**

> Thanks for your review Annmarie!❤️

  ### 22. Reliable solution

**Rating:** 4.5/5.0 stars

**Reviewed by:** Carlos N. | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 04, 2023

**What do you like best about StackHawk?**

The price range is optimal, suitable for the organization size

**What do you dislike about StackHawk?**

I don't think there are any major downsides

**What problems is StackHawk solving and how is that benefiting you?**

Helping to find vulnerabilities, reducing the time every task takes

**Official Response from Nicole Jones:**

> Thanks for the review, Carlos! We're thrilled to hear StackHawk is saving you time🎉

  ### 23. Excellent, easy-to-integrate security tools to enhance awareness and provide diagnostics

**Rating:** 4.5/5.0 stars

**Reviewed by:** Ryan R. | Software Engineering Lead, Small-Business (50 or fewer emp.)

**Reviewed Date:** August 01, 2022

**What do you like best about StackHawk?**

My team began using Stackhawk a few months ago for just one application that supports a website product. It provides us with potentially overlooked security risks and allows us additional verification data that risks/issues are mitigated as we expect.

1. Easy. Stackhawk provides tooling that is incredibly easy to set up. They provide awesome documentation to start using the CLI. I also recommend the web UI though as the configuration is super straightforward.
2. Informative. The results of Stackhawk security scans are fantastic. The details on risks/items identified are useful, clear, and nicely visualized. The web tool also provides utilities (i.e. copy as cURL) to attempt to reproduce specific test failures or run further diagnoses.
3. Thorough for APIs. Finally, the security scanning tools are exceptional for API based applications/systems. Especially with a strict typing based architecture like GraphQL, Stackhawk can really provide high value outputs for a relatively tiny setup cost/effort.

**What do you dislike about StackHawk?**

I wouldn't say I dislike anything provided by Stackhawk at the moment. However, in the relatively contained method that we've used the tool, we have a few recommendations available for consideration.

1. Organization by concern area. The output risk items are nicely tagged. However, it would be valuable to provide tags or areas upfront that customize/modify the type of scan that is executed (i.e. targeting risks for cross-site scripting)
2. Technology-specific or stack-specific scans. Our application is a Ruby on Rails website and Stackhawk currently treats that as a generic web app. This is not a problem but as Stackhawk expands it would be interesting to drill down on high-value tests that are relevant to an application's current architecture.
3. GitHub Security issues. Lastly, since we use GitHub Actions for CI, it would be awesome to see an integration where Stackhawk risks are written straight to the repository's security items. I'm sure this is already possible today and is a matter of time before it becomes built-in.

**What problems is StackHawk solving and how is that benefiting you?**

Stackhawk helps us be productive by providing security awareness and maintenance on a small team with limited capacity. It improves our efficiency and reduces development costs by providing us solid baseline security monitoring without the cost of spending major development time or having to pay external security groups/pen testers.

  ### 24. Good to have, in case it finds something in the future, but don't expect miracles

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Retail | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 20, 2023

**What do you like best about StackHawk?**

Can find the most common vulnerabilities in common web applications. Easy to use and nice UI.

**What do you dislike about StackHawk?**

It comes nowhere near close to a real pen-testing, and it doesn't find many vulnerabilities in GraphQL.

**What problems is StackHawk solving and how is that benefiting you?**

Having a DAST tool.

**Official Response from Nicole Jones:**

> Thanks for your review!
>
> GraphQL scanning can be tricky. If you were not able to find many vulnerabilities in GraphQL, I recommend adding custom variables to your configuration. Using custom values allows you to scan operations that can potentially access real data and exercise more branches of your application's code than default static values that may not exist in the context of your application.
>
> An alternative solution is to generate smart values with the Java Faker library instead of providing your own. HawkScan will use the Faker library to generate smarter values when the proper information is supplied in the GraphQL schema.

  ### 25. Greatly helped in securing my side project; better than most other tools with a free tier

**Rating:** 5.0/5.0 stars

**Reviewed by:** Victor P. | Full-Stack Software Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** September 22, 2021

**What do you like best about StackHawk?**

1. Comprehensive insights - Within an hour after doing the initial setup, I had actionable suggestions for issues I probably wouldn't have discovered otherwise. Most notably, it managed to identify cases in which my code would misbehave against hostile input, despite the fact that the code seemed perfectly fine from a logical point of view; the actual culprit was likely a mix of software versions and library dependencies, but this insight allowed me to develop a secure workaround.

It also had many other suggestions, which were very much welcome, and I feel a lot more confident that I've done right by my users after enacting those changes.

2. Insights are easy to replicate - the request and response are detailed for each call, so you can verify them yourself.

3. A final plus worth noting is that it's easy to integrate with your CI/CD pipeline on most of the popular repository hosting sites. It's also highly configurable - you can decide how long you want the scanner to run for in total and for each individual rule it checks against as well. This makes it easier to sustain, as you might want lighter checks if you run it often.

**What do you dislike about StackHawk?**

The setup isn't the easiest compared to some competitors. You do have to download a Docker image and run the scanner, or integrate it into your CI/CD pipeline. However, this is a minor nitpick and I was up and running in less than 20 minutes.

**What problems is StackHawk solving and how is that benefiting you?**

I needed a security tool that could automate the security audit/pentest process, but the project I wanted to use it for was small and didn't have a budget available. 

After trying a few free tools, many of which gave me suggestions that were very low-risk or already addressed, or locked their better recommendations behind a paywall, I decided to try StackHawk.

I was very impressed with the results, as mentioned above. StackHawk helped me secure my project, and the generous offering on the free tier was perfect for my needs. I would happily recommend trying it to anyone looking to improve the security of their projects, and I especially praise them for offering such an excellent service on the free tier.

  ### 26. Runtime security with StackHawk

**Rating:** 4.5/5.0 stars

**Reviewed by:** Avinash U. | DevOps Engineer-I, Enterprise (> 1000 emp.)

**Reviewed Date:** March 18, 2022

**What do you like best about StackHawk?**

The StackHawk tool has great documentation and is very intuitive to set up for a developer and for a DevOps person. With StackHawk, we can find vulnerabilities in a running environment rather than a static environment, which meant that we are aware of the threats to our application in a live environment. StackHawk has loads of CICD and notification integrations, although a few popular notification channels such as Discord are missing, which are used in most personal projects.

**What do you dislike about StackHawk?**

StackHawk lacks the feature to set optional integrations for certain applications and environments. All scan results from all applications and environments are sent to all integrations that are enabled. In the Datadog integration, the overall risk level is not sent and it is inconvenient to set up custom parsing rules to calculate the risk level and alert based on that. StackHawk requires a docker image for running tests in CICD, and not all applications are containerized, making this incompatible for non-containerized applications. A JUnit report format would have been an excellent addition to the existing list of JSON and PDF report formats.

**Recommendations to others considering StackHawk:**

StackHawk is heavily dependent on Docker. If your organization does not use Docker for your applications, StackHawk might not be the right fit for DAST.

**What problems is StackHawk solving and how is that benefiting you?**

We use StackHawk to find out vulnerabilities of our application when it is running through GitHub actions and through regular CLI checks. The output result is sent to Datadog/Slack. We are able to catch vulnerabilities before the application reaches production through the CICD integration and even monitor our production environment through the CLI.

  ### 27. Best security bug finder

**Rating:** 5.0/5.0 stars

**Reviewed by:** Sohail G. | Software developer, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 23, 2022

**What do you like best about StackHawk?**

It quickly finds the bug and supports our team by fixing that security vulnerability. It helps my team with REST and GraphQL API Scanning & Simple Fix Documentations too. It's easy to use.

**What do you dislike about StackHawk?**

To this date, I haven't found any issues with StackHawk.

**Recommendations to others considering StackHawk:**

Best anti-bug

**What problems is StackHawk solving and how is that benefiting you?**

We're working on an application where we get a lot of customers. If any security issue might affect our data, we've fixed the vulnerabilities with StackHawk while it's in the pipeline. We believe in the quote, "Prevention is better than cure".

  ### 28. Easy to use security bug finder

**Rating:** 4.5/5.0 stars

**Reviewed by:** AYROTI D. | Open source contributor, Small-Business (50 or fewer emp.)

**Reviewed Date:** June 03, 2022

**What do you like best about StackHawk?**

Stackhawk is a handy tool when it comes to security testing as well as operating. The tool helps me to avoid vulnerable bugs. The UI/UX of Stackhawk is top-notch and has vibrant colours.

**What do you dislike about StackHawk?**

Stackhawk isn't great when it comes to setup of the software, as it requires a Docker image for running in a CI/CD pipeline, which makes it incompetent for non-containerized applications, and its support team is best.

**Recommendations to others considering StackHawk:**

I would definitely recommend it.

**What problems is StackHawk solving and how is that benefiting you?**

We're working on a large codebase, and one security vulnerability may cause our organization a huge loss. StackHawk plays a major role by finding security bugs in live coding and suggesting how to solve them.

  ### 29. StackHawk is the best security scanner I've used, among about half a dozen

**Rating:** 5.0/5.0 stars

**Reviewed by:** Woody P. | Co-Founder, CTO, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 16, 2022

**What do you like best about StackHawk?**

In no particular order:

I love their UI/UX. It presents issues clearly, where I can easily give them to junior programmers to investigate & fix with nothing more than a link to an issue or a scan. It provides good explanations for the issues it flags, as well as links to blog articles about the issues (sometimes specific to dealing with it in our particular framework). It also has detailed request data, including a cURL command to reproduce the issue, the response body, and highlights "evidence" it found attempting to prove that an issue is not a false positive.

Their PDF reports aren't just a print version of the dashboard, but a well-formatted, good-looking, PDF-specific design that is a good deliverable for clients or just to record our security issues at a particular moment in time. Their dashboard is also easy to grok as well.

I like that unlike other static analyzers that scan code to assess potential vulnerabilities, StackHawk scans your site to actually try to trigger vulnerabilities and produce evidence. Through this method, StackHawk found XSS vulnerabilities and warned about other potential issues that other tools didn't find, and were clearly reproducible. Also, this method is more confidence inspiring, and has produced much fewer false positives than code analysis. Our company still uses static code analysis, as it is quick & cheap (good for continuous integration), but we now consider StackHawk the definitive tool for programmatic assessment of security vulnerabilities.

I also like their pricing model. The free tier is legitimately useful, the pricing upgrades make sense, and I can just do it all myself. Several competitors offer similar scan products but cost thousands of dollars per year and require talking to an account manager to set up. I did talk to a couple sales reps for other products, and as a non-profit looking to keep costs low, two different sales reps never got back to me about discounted plans (and their free plans were just limited trials). One I never actually tried because the whole product was paywalled, which is fine for bigger clients I assume, but inaccessible to me.

**What do you dislike about StackHawk?**

The only downside to StackHawk so far is the time a scan takes. While static code analysis can take just minutes, or even seconds when focusing on the files in a particular changeset, StackHawk's scans take hours to complete and require us to either ramp up our test server capacity or dedicate a developer's machine to the scan. Slow scan time is fine if we're focused on security for a particular assessment or quarterly review, but we can't use it as part of our continuous integration pipeline "out of the box." They do have documentation on reducing scan times by optimizing the routes it looks at, parallelizing certain areas of the site, etc, but we'd have to set up a fair bit of infrastructure to get this working. We might, someday, but it's certainly not as easy as just hooking up a code analyzer to Github.

Also, once you resolve an issue with your site, I couldn't find a way to re-run just that one issue and update the scan report because there isn't (or doesn't seem to be) a central list of issues. Instead, you have a list of scans, and although scans do show previously assigned/accepted/ignored issues as such in new scans, it displays scans as islands of their own. This just means to get a "clean" report we have to run an entirely new scan, which takes time, unless we also spend time optimizing our scan time. So far I've just let it run overnight, which minimizes my time spent, but re-checking just one issue would be nice.

**What problems is StackHawk solving and how is that benefiting you?**

We're checking the attack area of our site for vulnerabilities before a significant feature release. StackHawk has found several real issues other analyzers or security consultancies didn't find, and with a very low signal-to-noise ratio. As mentioned previously, since the issues are presented so clearly, we've been able to assign these issues to be fixed by more junior programmers, which is an added cost benefit.

  ### 30. The Most Essential DevSecOps DAST Tool Available Today

**Rating:** 5.0/5.0 stars

**Reviewed by:** Ahsan A. | CEO, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 05, 2022

**What do you like best about StackHawk?**

Many people aren't familiar with application security testing, development security operations, or the dynamic tools that can be used to test and monitor products. I love how StackHawk allows a single point of context to maintain a developer account for free. At the same time, a single pro user is (at the time of writing this) roughly $35/month, around the same as a typical gym membership. Application security is critically important, and StackHawk makes it available to nearly everyone.

**What do you dislike about StackHawk?**

There's nothing specifically to dislike, though I'd love to have more real time visual analytics formatted for mobile access.

**Recommendations to others considering StackHawk:**

Leverage the trial period to install and implement things early and with little to no risk or cost. Establish performance baselines, and then scan continuously as you deploy, roll out and release products.

**What problems is StackHawk solving and how is that benefiting you?**

StackHawk allows for all sorts of ongoing testing of my company's mobile apps. We do penetration testing, MFA testing, password algorithm, E2EE, load, flow, API testing, and more on iOS, Android, our PWAs, dashboards, and even throughout our AWS cloud - with which it integrates smoothly and seamlessly.

  ### 31. It's a great DAST tool that easily integrates into our CI/CD pipeline

**Rating:** 5.0/5.0 stars

**Reviewed by:** Eran K. | Director Of Engineering, Mid-Market (51-1000 emp.)

**Reviewed Date:** February 24, 2022

**What do you like best about StackHawk?**

Stackhawk does a great job making configuring and running the scan as easy as possible by wrapping everything up to a docker container that can run both locally by developers and on CI.

**What do you dislike about StackHawk?**

We've had to put in a little effort to get it to work with OAuth authentication, but it's much less work and more straightforward than anything else we tried.

**What problems is StackHawk solving and how is that benefiting you?**

- SOC2 compliance requires running DAST, and Stackhawk helped us fill that need without a lot of effort.
- Monitors our website for security issues we might have missed during development.

  ### 32. Fantastic DAST tool for integrating with your CI/CD pipeline

**Rating:** 5.0/5.0 stars

**Reviewed by:** Brandon B. | Senior Product Security Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** February 03, 2022

**What do you like best about StackHawk?**

The SaaS platform makes this product easy and fast to implement and aggregate findings to make it extremely easy to view and validate findings. The ability to seamlessly run a scan that is hosted locally in docker that will give you the same results as a deployed resource. This gives developers the ability to run their scans before ever committing code.

**What do you dislike about StackHawk?**

The scanner lacks fine-grained customization into the underlying ZAP scanner. The configurations could expose more of the underlying functionality to customize scans better.

**What problems is StackHawk solving and how is that benefiting you?**

We can now run DAST inside of our pipeline. This saves us time and gives us peace of mind.

  ### 33. The Stackhawk Experience was impressive from the beginning to fully integrated into our CI/CD

**Rating:** 5.0/5.0 stars

**Reviewed by:** Charles E. | Sr. Full Stack Developer, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 07, 2022

**What do you like best about StackHawk?**

The Stackhawk documentation was easy & helpful for our development team to integrate into our CI/CD. The Stackhawk team was very responsive, helpful & knowledgeable.

**What do you dislike about StackHawk?**

No complaints. The product is producing findings with helpful remediation tips and recommendations.

**What problems is StackHawk solving and how is that benefiting you?**

We've used Stackhawk to handle DAST scanning of our web hosted product and have already eliminated all High & Med findings, and now have real-time awareness to DAST security in our CI/CD pipeline to keep our product secure.

  ### 34. StackHawk for simplified security scans

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Publishing | Small-Business (50 or fewer emp.)

**Reviewed Date:** February 09, 2022

**What do you like best about StackHawk?**

StackHawk is very simple to set up and use, whether using the standard method of a Docker image or the new CLI tool. Either can easily be integrated with your choice of CI/CD system to automate the process for each developer's commits. We've found the resulting reports are easy to understand for both developers and management. In particular, we like the ability to replicate each test with the cURL command provided in the report. Support and sales have gone above and beyond in getting us set up.

**What do you dislike about StackHawk?**

We haven't yet found anything we dislike about StackHawk. For our small business, it's been an ideal fit so far.

**Recommendations to others considering StackHawk:**

I would recommend signing up for a free trial and testing it for yourself. StackHawk was simple to setup so it won't take much time to discover if it will meet your needs.

**What problems is StackHawk solving and how is that benefiting you?**

We needed a quick security scan solution to help win a new account. StackHawk allowed us to close the deal while providing us with a solid on-going solution to find and fix security issues much earlier in our development cycle.

  ### 35. StackHawk proves to be an interesting tool in secure development pipelines

**Rating:** 4.0/5.0 stars

**Reviewed by:** Jonatas W. | Cloud Security Analyst, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 12, 2022

**What do you like best about StackHawk?**

I like the ease of onboarding new applications. It is easy and practical, facilitating the user experience of security in the application development cycle. Additionally, the application utilizes native API development configurations through OpenAPI files.

**What do you dislike about StackHawk?**

It still seems too simplistic for the level expected in corporate environments. There is a lack of a way to manage multiple projects, but I believe it will be implemented in future releases.

**What problems is StackHawk solving and how is that benefiting you?**

I am implementing DAST analysis using the free tier, and this allows me to make my open-source environment more secure. The main feature is the automation of security tests directly in the CI/CD pipeline.

  ### 36. Shift Left on Security with Stackhawk

**Rating:** 4.5/5.0 stars

**Reviewed by:** Alexander S. | VP of Engineering & Technology, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 19, 2022

**What do you like best about StackHawk?**

Stackhawk is extremely simple to set up. The user interface, documentation, and examples really pave the way for a successful implementation.

**What do you dislike about StackHawk?**

I don't have anything to list as a dislike at the moment. Everything is working as expected.

**What problems is StackHawk solving and how is that benefiting you?**

Our team is focusing on strengthening our security posture. Automated DAST scanning on our pull requests was a piece of the puzzle Stackhawk solved.

  ### 37. Easy to use

**Rating:** 5.0/5.0 stars

**Reviewed by:** Evelyn S. | Software Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 22, 2022

**What do you like best about StackHawk?**

The app is really easy to use and setup. Running scans is pretty simple and easy to check out your security issues

**What do you dislike about StackHawk?**

Honestly from using it for a few weeks already, I have nothing I dislike

**Recommendations to others considering StackHawk:**

Easy to use and setup

**What problems is StackHawk solving and how is that benefiting you?**

I'm running the scans on my personal app that had lots of security issues.

  ### 38. A great dynamic company that is promising and a maverick in the world of DAST platforms

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Transportation/Trucking/Railroad | Enterprise (> 1000 emp.)

**Reviewed Date:** February 11, 2022

**What do you like best about StackHawk?**

DAST tools have always been crude and traditional in the last decade. StackHawk brings a unique approach to DAST that is truly modern, easy to use and set up, and developer-friendly.

**What do you dislike about StackHawk?**

There's nothing I dislike about StackHawk specifically, but there's room for improvement on their solution.

**Recommendations to others considering StackHawk:**

If Shift-Left and DevSecOps is your strategy and goal, StackHawk is the right DAST tool for you

**What problems is StackHawk solving and how is that benefiting you?**

Licensing models from other DAST companies do not provide flexibility and are, most of the time, cost-prohibitive. StackHawk's pricing is reasonable and allows our business to scale, keeping our application security budget sustainable.

  ### 39. A good DAST Tool, easy to integrate in your CI pipeline

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Small-Business (50 or fewer emp.)

**Reviewed Date:** February 17, 2022

**What do you like best about StackHawk?**

- A good knowledgeable and strong support and account team.
- Easy to integrate with the existing CI pipeline.
- Did a good job of reducing our vulnerabilities.
- A great UI to review.

**What do you dislike about StackHawk?**

- Needs better notification and improvements to the notifications.
- Alternate alerting system.
- Needs more product lines to make this a single use tool.

**What problems is StackHawk solving and how is that benefiting you?**

- Stackhawk has greatly reduced our vulnerabilities and keeps our code in check by integrating with the CI pipeline.
- The developers are always alerted for any new vulnerabilities introduced.

  ### 40. Attended a workshop at Devops.js

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 30, 2022

**What do you like best about StackHawk?**

How easy it was to set up, and while I may not need something so complete at the moment it's definitely something I would use with bigger projects.

**What do you dislike about StackHawk?**

That I wasn't aware of this type of code check before and how much time it could save in the end.

**What problems is StackHawk solving and how is that benefiting you?**

At the moment I haven't really solved any issue with StackHawk due to my project being quite small, but in a more mature and bigger project, this would solve a lot of issues. I mean having a test that analyzes and tells you some potential to improve your code is amazing.

  ### 41. Awesome DAST scanning

**Rating:** 5.0/5.0 stars

**Reviewed by:** Ali A. | Software Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 04, 2022

**What do you like best about StackHawk?**

Easy to integrate, unlimited scans and applications allowed in the plan, performs well, dockerized

**What do you dislike about StackHawk?**

I wish there were more visibility into the types of rules or inputs that the scanner is using under the hood

**What problems is StackHawk solving and how is that benefiting you?**

It's already revealed a few defects in APIs, and is integrated into SDLC process

  ### 42. My encounter with StackHawk

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.)

**Reviewed Date:** February 03, 2022

**What do you like best about StackHawk?**

The integration with my application was seamless. I just had to deploy a docker and run it, and the stat scanner reported the vulnerabilities almost instantly.

**What do you dislike about StackHawk?**

StackHawk can improve the description of the vulnerabilities slightly to debug the issue faster. Stackhawk can give more examples for fixing security issues reported.

**Recommendations to others considering StackHawk:**

Go ahead and use this product to get your applications tested for security vulnerabilities. Using StackHawk saves a lot of time and effort.

**What problems is StackHawk solving and how is that benefiting you?**

I am trying to find security flaws in my application using StackHawk so that when I go into deployment, I don't get hacked. StackHawk benefitted me immensely by making the process seamless.

  ### 43. Solid CICD integration with a bright future

**Rating:** 4.0/5.0 stars

**Reviewed by:** Matt M. | Senior Product Security Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 07, 2022

**What do you like best about StackHawk?**

Slick CICD integration for a known scanning tool

**What do you dislike about StackHawk?**

The core scanner is zap, without additional checks or enhancements.

**What problems is StackHawk solving and how is that benefiting you?**

Automating our CICD pipeline for DAST with decent jira integration

  ### 44. Perfect Security product for your business needs

**Rating:** 5.0/5.0 stars

**Reviewed by:** Lokesh V. | Quality Analyst, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 22, 2022

**What do you like best about StackHawk?**

As we progress towards the future, modern problems require modern solutions! StackHawk is the perfect go-ahead for your business needs!

**What do you dislike about StackHawk?**

The frequent updates with new technologies, but it's good to have the updates to stay ourselves protected!

**What problems is StackHawk solving and how is that benefiting you?**

The frequent updates with new technologies, but it's good to have the updates to stay ourselves protected!

  ### 45. Awesome security automation with GraphQL support

**Rating:** 5.0/5.0 stars

**Reviewed by:** Christopher D. | VP Engineering, Small-Business (50 or fewer emp.)

**Reviewed Date:** May 24, 2021

**What do you like best about StackHawk?**

We've had nothing but a great experience working with the StackHawk team and their security automation tool. Our team operates in a continuous delivery environment, with several concurrent branches and environments at any given time. We release code several times per day, and StackHawk is able to provide us real-time scans of all of our branches, environments, and production deploys without any additional developer effort beyond initial setup.

**What do you dislike about StackHawk?**

We had some initial issues with getting the scans to work with our GraphQL endpoints, but we were able to work closely with the StackHawk team, and this has since become a non-issue. I'm not aware of many other dynamic security testing providers that have such robust GraphQL support. Kudos to the StackHawk team for leaning in and delivering an excellent solution for GraphQL security testing.

**Recommendations to others considering StackHawk:**

Setup a shared Slack channel, and you will receive answers to your questions blazingly fast!

**What problems is StackHawk solving and how is that benefiting you?**

Automated dynamic security testing helps us build a more secure platform, as well as gives our customers confidence that we take security seriously and partner with the best providers.

  ### 46. StackHawk is a strong DAST product for companies that care about their application security programs

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** February 03, 2022

**What do you like best about StackHawk?**

- Very strong CI/CD integration
- Augmented security detections to ZAP
- A slick, fast UI
- Supportive staff when we have questions

**What do you dislike about StackHawk?**

- Needs more augmented detection to discover real risks
- Needs ability for custom detections/plugins
- More customization on findings and options for suppression
- Faster scans!

**What problems is StackHawk solving and how is that benefiting you?**

- Finding "real" problems through run-time scans
- CI/CD integration for low/no touch scans for developers

  ### 47. Good Tool for Appsec

**Rating:** 3.5/5.0 stars

**Reviewed by:** Patrick R. | Security Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** February 07, 2022

**What do you like best about StackHawk?**

Good tool for Dynamic App Scanning. Can greatly help with the vulnerability identification and remediation process.

**What do you dislike about StackHawk?**

Does not seem to be a way to scan multipage/multisite applications or Mobile.

**What problems is StackHawk solving and how is that benefiting you?**

We are not currently implementing the product fully, just demo and poc phase.

  ### 48. Simple and easy to integrate automated testing tool!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jon C. | CTO, Small-Business (50 or fewer emp.)

**Reviewed Date:** April 14, 2021

**What do you like best about StackHawk?**

Incredibly easy to integrate into our CI/CD pipeline using their provided Docker image and detailed guides.

It produces detailed yet easy-to-read reports that are suitable for sharing with stakeholders.  StackHawk has helped increase stakeholder confidence in platform security.

It has helped us make automated security testing one of the first things we do when spinning up a new project.  StackHawk has helped us stay on top of issues early in the development process.

The team is incredibly supportive and helpful if you run into any issues.

**What do you dislike about StackHawk?**

I wish there was a more automated flow for retrieving oauth credentials for your api/site when running tests, it is a bit manual at the moment.

**What problems is StackHawk solving and how is that benefiting you?**

StackHawk allows us to continuously test our code as part of our CI/CD workflow.  Whenever a developer pushes up code, StackHawk runs against it and sends a report of any security issues it found.

As an engineering lead, I can share the reports with other stakeholders, executives, and board members to communicate that we are identifying security issues proactively and addressing them before they become a problem.  StackHawk has increased the confidence of everyone in our security practices.

  ### 49. Easy and quick setup

**Rating:** 5.0/5.0 stars

**Reviewed by:** iarly s. | Senior DevOps Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** April 15, 2021

**What do you like best about StackHawk?**

In a matter of minutes, one can set up and run a full scan against a web application. The intuitive and well-documented steps about how to integrate Stackhawk into the development lifecycle (build workflows, notifications) enabled us to get straight to what matters, which is the scan results.
Stackhawk's support was really helpful when needed.

**What do you dislike about StackHawk?**

Some dashboard items could be improved, such as an option to export scan results to pdf and/or other formats; the scan page could be a bit less populated. 
Also, a pay per scan plan would be well appreciated.

**Recommendations to others considering StackHawk:**

Stackhawk tool is easy to use, can be easily integrated into the development lifecycle, and can enable teams to have better visibility over possible security issues in their web applications.

**What problems is StackHawk solving and how is that benefiting you?**

We need to make sure that the applications we make available to our customers comply with the most common web application security standards.

  ### 50. Easy and efficient scanning tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jukka R. | CTO, Small-Business (50 or fewer emp.)

**Reviewed Date:** May 19, 2021

**What do you like best about StackHawk?**

- StackHawk is easy to take in to use
- Built on the ZAP scanner, and they support its development as well
- You can run it in different environments with Docker
- Produces clear reports on the findings, and you can manage them with the UI so that false positives don't show up on every scan

**What do you dislike about StackHawk?**

I don't have anything to complain about. Their support solved all the problems we had during the onboarding process. Maybe it would be beneficial to have an even more detailed log on the scanner's action to debug issues.

**What problems is StackHawk solving and how is that benefiting you?**

We use it to catch security problems automatically during the development process and use the results it generates when we plan for security audits.


## StackHawk Discussions
  - [What is StackHawk used for?](https://www.g2.com/discussions/what-is-stackhawk-used-for)

## StackHawk Integrations
  - [Bitbucket](https://www.g2.com/products/bitbucket/reviews)
  - [CircleCI](https://www.g2.com/products/circleci/reviews)
  - [Datadog](https://www.g2.com/products/datadog/reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews)
  - [Jenkins](https://www.g2.com/products/jenkins/reviews)
  - [Jira](https://www.g2.com/products/jira/reviews)
  - [Microsoft Azure DevOps](https://www.g2.com/products/microsoft-azure-devops/reviews)
  - [Slack](https://www.g2.com/products/slack/reviews)
  - [Snyk](https://www.g2.com/products/snyk/reviews)
  - [Vanta](https://www.g2.com/products/vanta/reviews)

## StackHawk Features
**Administration**
- API / Integrations
- Extensibility
- Reporting and Analytics

**Administration**
- API / Integrations
- Extensibility

**Performance**
- Issue Tracking
- Detection Rate
- False Positives
- Automated Scans

**API Management**
- API Discovery
- API Monitoring
- Reporting
- Change Management

**Cloud Visibility**
- Data Discovery
- Cloud Registry
- Cloud Gap Analytics

**Analysis**
- Issue Tracking
- Reconnaissance
- Vulnerability Scan

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Vulnerability Scan

**Network**
- Compliance Testing

**Security Testing**
- Compliance Monitoring
- API Verification
- API Testing

**Security**
- Data Security
- Data loss Prevention
- Security Auditing

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Performance and Reliability

**Testing**
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Application**
- Manual Application Testing
- Black Box Testing

**Security Management**
- Security and Policy Enforcement
- Anomaly Detection
- Bot Detection

**Identity**
- SSO
- Governance
- User Analytics

**Agentic AI - Vulnerability Scanner**
- Autonomous Task Execution
- Proactive Assistance

## Top StackHawk Alternatives
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (873 reviews)
  - [Intruder](https://www.g2.com/products/intruder/reviews) - 4.8/5.0 (206 reviews)
  - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (773 reviews)

