Best Software for 2025 is now live!
Show rating breakdown
Save to My Lists
Paid
Claimed

StackHawk Reviews & Product Details

StackHawk Overview

What is StackHawk?

StackHawk makes it simple for developers to find and fix application security bugs. Scan your application for AppSec bugs in the code your team wrote, triage and fix with provided documentation, and automate in your pipeline to prevent future bugs from hitting prod.

StackHawk Details
Product Website
Languages Supported
English
Show LessShow More
Product Description

StackHawk makes it simple for developers to find, triage, and fix application security bugs. Scan your application for AppSec bugs in the code your team wrote, triage and fix with provided documentation, and automate in your pipeline to prevent future bugs from hitting prod.


Seller Details
Seller
StackHawk
Company Website
Year Founded
2019
HQ Location
Denver, CO
Twitter
@StackHawk
1,154 Twitter followers
LinkedIn® Page
www.linkedin.com
46 employees on LinkedIn®
Description

StackHawk is a leading application security company that specializes in automated security testing for developers. Their platform helps organizations identify and remediate vulnerabilities in web applications through dynamic application security testing (DAST) integrated into the development workflow. StackHawk's tools enable DevOps teams to improve security without sacrificing speed, allowing for continuous testing and deployment of secure code. For more information, visit their website at https://stackhawk.com.


Alexa S.
AS
Overview Provided by:

Recent StackHawk Reviews

Verified User
U
Verified UserMid-Market (51-1000 emp.)
4.0 out of 5
"Review"
Its scanning capabilities and easy integration into our CI/CD pipelines
David M.
DM
David M.Mid-Market (51-1000 emp.)
5.0 out of 5
"StackHawk is a great DAST security tool"
We have recently partnered with StackHawk for dynamic security code scanning and the product has been fantastic. StackHawk has many methods for per...
Verified User
A
Verified UserMid-Market (51-1000 emp.)
4.5 out of 5
"StackHawk Review"
I like the ability to configure the YAML file centrally. I like the integrations that are available as well.
Security Badge
This seller hasn't added their security information yet. Let them know that you'd like them to add it.
0 people requested security information

StackHawk Media

StackHawk Demo - Finding Details
Security bug finding details from a scan of your application. Bug details, fix documentation, request/response payloads, and paths where the bug was found.
StackHawk Demo - HawkAI - All Repos
API Discovery & Observability powered by HawkAI
StackHawk is the only modern API security testing tool that runs in CI/CD, enabling developers to quickly find and fix security issues before they hit production.
Play StackHawk Video
StackHawk is the only modern API security testing tool that runs in CI/CD, enabling developers to quickly find and fix security issues before they hit production.

Official Downloads

Answer a few questions to help the StackHawk community
Have you used StackHawk before?
Yes

67 StackHawk Reviews

4.6 out of 5
The next elements are filters and will change the displayed results once they are selected.
Search reviews
Popular Mentions
The next elements are radio elements and sort the displayed results by the item selected and will update the results displayed.
Hide FiltersMore Filters
The next elements are filters and will change the displayed results once they are selected.
The next elements are filters and will change the displayed results once they are selected.
67 StackHawk Reviews
4.6 out of 5
67 StackHawk Reviews
4.6 out of 5

StackHawk Pros and Cons

How are these determined?Information
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Cons

Overall Review Sentiment for StackHawkQuestion

Time to Implement
<1 day
>12 months
Return on Investment
<6 months
48+ months
Ease of Setup
0 (Difficult)
10 (Easy)
Log In
Want to see more insights from verified reviewers?
Log in to view review sentiment.
G2 reviews are authentic and verified.
David M.
DM
Director of Security
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
What do you like best about StackHawk?

We have recently partnered with StackHawk for dynamic security code scanning and the product has been fantastic. StackHawk has many methods for performing code scanning tests which have been helpful for our development team. But I want to mention that perhaps the greatest thing about StackHawk has been their employees and the support they provide. (Most big software manufacturers sort of drop you off the deep end of the pool and disappear.) I will say that the customer on-boarding we had from StackHawk and their professionals was one of the best I've seen in my long career. They have a bunch of experts who are friendly and will assist you in getting the tools set up, explaining all of the features and options, and there to assist when you need help. I'd like to extend my genuine thanks to all at StackHawk for making our security program better and being a great partner. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

I do not have any dislikes regarding StackHawk. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

We had been using tools from larger software vendors, but they were becoming less effective and their value was declining over time (compared to the ever increasing costs). We looked around this crowded vendor space and reviewed several solutions for code scanning, API scanning, etc. We found that StackHawk was quite easy to set up and integrate. We also found that their staff and support were top notch. Review collected by and hosted on G2.com.

TL
Senior Site Reliability Engineer
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
(Original )Information
What do you like best about StackHawk?

Stackhawks people are my favorite part. Always updating and having a feel like they are an extension of my company always makes for a great vibe.

The scanning platform is fast. Default settings for scans, done via yaml markup, run great though they allow me to customize runners and spec for the container which runs said scan. Tuning this can make my scans greatly faster.

It's true integration to my CI, of which I use GitHub actions, and now with shift left knowing about vulnerabilities earlier in the process has kept us with a clean setup that no longer adds tech debt to our process.

The support is phenominal. The web chat is responsive, but they also helped make a Slack channel integration with our team to communicate updates and work through specific features. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

The only downside I can think of is when using Jenkins the containers it pulls down and reporting it does for a scan soaks up a bunch of disk on my Jenkins nodes and I end up having to do docker cleanup. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

Ease of configuration per microservice and getting our scans in the faces of developers further up the pipeline before code vulnerabilities are merged. Review collected by and hosted on G2.com.

Michael O.
MO
Director of Security
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
What do you like best about StackHawk?

The dev team found it fairl simple to get their codebase/apps (Python, BitBucket, Jenkins, Jira) integrated... we had a volunteer who went through the process & provide steps so the rest could cookie-cutter it. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

I am not a coder - I'm on the InfoSec side of the house. So my take about SH relates to the admin portal & reporting... both of which of very good. It was easy to invite devs to the portal & the reports provide info that I use to relay for compliance/security work. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

It does a few things for us:

1. Adds a DAST function that automates discovery of vulns. Previously done by humans - not ideal.

2. Help us to create a DevSecOps culture. We are pairing this with Snyk to have a soup-to-nuts CI/CD analysis.

3. Both 1&2 help us meet GRC requirements. Code-development has become a focus for more than a few compliance/privacy rules. Review collected by and hosted on G2.com.

Ramgopal K.
RK
Sr Security Consultant, SME&amp; Tool Admin
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
What do you like best about StackHawk?

The onboarding of application.

Vendor customer support.

API files scanning.

Easy to use and implementation and DevSecOps CI/CD integration

The dashboard results...

Attack Surface utilization... etc., Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

To onboard each application why should we have to involve each application POC to write their extra files to configure into the system. Here its lagging time to pass KT to each application POC to come up with their config Yaml file. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

As of now we have onboarded few of our client applications to the Stack Hawk and seeing good results and using those results to implement more security with the help of Dev Teams to remediate the security vulnerabilities. Review collected by and hosted on G2.com.

AF
Sr Application Security Engineer
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
What do you like best about StackHawk?

You can setup any type of authenticated scans due to its YAML configuration setup.

It is possible to run internal scans since it only needs the binary to run it.

Customer support has been great so far, they are always on and ready to answer any question, even their bot helps a lot.

The integration they have with Snyk makes it great when it comes to deeper analysis. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

They need more reporting capabilities, more dashboard views to showcase the progress of vulnerabilities remediation.

Some customization of scan policies would be neat, the current way to apply policies for scans is very manual. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

I can automate the security part of testing an application when it is deployed instead of having to do a manual pentest every single time. Review collected by and hosted on G2.com.

BB
Senior Software Engineer
Enterprise(> 1000 emp.)
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
What do you like best about StackHawk?

StackHawk is an efficient and developer-friendly tool for application security testing. One of its standout features is the easy integration with CI/CD pipelines, making it straightforward to incorporate into existing development workflows. Additionally, the scan times are quick, allowing teams to identify and address security vulnerabilities without significant delays to deployment. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

if would be great if you guys provide score card & PDF report on email so that we can easily share with other prople higher managment Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

mainly it highlightes the security flaws and outdated software recomondations Review collected by and hosted on G2.com.

Verified User in Information Technology and Services
AI
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: Seller invite
What do you like best about StackHawk?

Central management platform - StackHawk's SaaS management platform significantly simplifies the management of our applications. It provides an intuitive workflow for issue triage and remediation, making it easier for our team to identify, prioritize, and address security vulnerabilities efficiently.

Container-first orientation - the container-first approach of StackHawk's scanners provides unparalleled flexibility and ease of integration within our workflows. Given our unique requirements and constraints, this architecture enables us to build custom scanning workflows easily with our own scaffolding with more powerful configuration than any other DAST scanner we've tested. This flexibility not only meets our current needs but also positions us well for future integration with developer-centric processes.

Customer support - StackHawk's customer success team has been exceptional in guiding us towards effective use of their product. They keep us engaged with regular updates and news, and they are incredibly responsive to our questions, feature requests, and bug reports. Their proactive support has been instrumental in maximizing the value we derive from StackHawk.

Engaging brand identity - on a personal note, I greatly appreciate StackHawk's creative bird-themed branding. Their attention to detail in maintaining a cohesive and engaging brand identity, even in their internal libraries, adds a touch of personality and fun to our interactions with the tool. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

The most difficult part of working with StackHawk is the code-oriented nature of scripting, especially for application authentication. Many scanners use passive proxy mechanisms to capture authentication traffic, which makes it easy to get up and running rapidly with authenticated scanning. StackHawk does not offer this, opting instead for more powerful customization via their scripting engine. This may not be for everyone. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

We were able to meet our compliance requirements using other tooling, but StackHawk enabled us to implement headless, authenticated DAST in a fully-automated fashion so we no longer have to spend the time to execute scans manually. This was the main problem that drove us to StackHawk in the first place - but with some creativity, we are now planning for what we call the "ultimate shift left" for DAST, putting DAST directly in the hands of developers, in a controlled fashion. The automation, and subsequently putting the tool in the hands of developers, allows us to scale the application security program beyond just the application security team so that we achieve the coverage that we need. Review collected by and hosted on G2.com.

SK
Associate Security Specialist
Mid-Market(51-1000 emp.)
Validated Reviewer
Review source: G2 invite on behalf of seller
Incentivized Review
What do you like best about StackHawk?

Its configurable nature and diverse integration option. And the very supportive customer support team who value the feedback and make sure changes are reflected in upcoming releases. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

The limitation of being able to use with only internet accessible surface and limitation on on-prem usage. Additionally, lack of granular roles to avoid accendential deletion of scan and scan result by a unaware user. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

Helping us streamline our secure development initiative Review collected by and hosted on G2.com.

Verified User in Banking
UB
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
What do you like best about StackHawk?

The StackHawk team achieves what seems impossible. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

The path was not very clear as we embarked on the beginning of our journey. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

We want to address all the security weaknesses in our microservices, and StackHawk has allowed us to gain visibility into issues that we cannot test in other quality gates. Review collected by and hosted on G2.com.

Verified User in Restaurants
AR
Mid-Market(51-1000 emp.)
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
What do you like best about StackHawk?

I like the ability to configure the YAML file centrally. I like the integrations that are available as well. Review collected by and hosted on G2.com.

What do you dislike about StackHawk?

The configs of the YAML file and authenticated scans can be frustrating. Review collected by and hosted on G2.com.

What problems is StackHawk solving and how is that benefiting you?

Scan apps pushed to staging in the pipeline Review collected by and hosted on G2.com.