StackHawk

Company health

Employee growth
15% decrease in the last year
Web traffic
18% decrease in the last quarter
Financing
February 2022 - $35M

Ratings

G2
4.6/5
(66)
Glassdoor
4.3/5
(13)

StackHawk description

StackHawk is a security testing tool that helps businesses find and fix vulnerabilities in their applications and APIs. Designed for today's fast-paced software development, it integrates directly into existing workflows and tools. StackHawk automates security checks early in the development process, making it easier for developers to identify and address issues before they become major problems. This helps companies release secure software faster and reduces the risk of costly security breaches.


Who is StackHawk best for

StackHawk is a developer-first security testing tool that helps find and fix application and API vulnerabilities. It integrates with existing workflows, enabling continuous security auditing. Users praise its configurable YAML setup and excellent customer support but note some limitations in reporting features and slow scan times for large APIs. StackHawk is best for small to mid-sized businesses with software engineering teams practicing DevOps and DevSecOps.

  • Best for small to mid-sized businesses.

  • Ideal for software engineering teams.


StackHawk features

Supported

StackHawk scans APIs for vulnerabilities, supporting various API technologies.

Supported

StackHawk, via its HawkScan component, automatically scans web applications for security vulnerabilities.

Supported

StackHawk supports cross-site scripting (XSS) vulnerability testing.

Supported

StackHawk supports continuous security auditing through features like API discovery, testing, and oversight.

Supported

StackHawk supports SQL injection testing and integrates it into CI/CD pipelines.

Qualities

We evaluate the sentiment that users express about non-functional aspects of the software

Customer Service

Strongly positive
+1

Ease of Use

Strongly positive
+1

Ease of Implementation

Strongly positive
+0.75

StackHawk reviews

We've summarised the main points of 58 StackHawk reviews (StackHawk G2 reviews) below.

Pros of StackHawk
  • Highly configurable YAML setup for authenticated scans.
  • Excellent customer support, very responsive and helpful.
  • Seamless integration with Snyk for deeper analysis.
  • Easy integration into CI/CD pipelines (e.g., Jenkins, GitHub Actions).
  • Container-first approach offers flexibility for custom scanning workflows.
Cons of StackHawk
  • Scan policies must be applied manually.
  • Limited reporting features, lacking dashboard views.
  • Code-oriented scripting for authentication can be challenging.
  • Scans of large APIs can be slow.
  • Limited customization of the underlying ZAP scanner.

StackHawk pricing

The commentary is based on 9 reviews from StackHawk G2 reviews.

StackHawk offers a free developer account and affordable pro user plans, starting at $35/month. While some users find the pricing a bit high for smaller businesses, many praise the generous free tier and overall value for the cost, especially for API security testing. Several reviewers highlighted the cost savings achieved by using StackHawk.

User sentiment

Strongly positive
+1

See the StackHawk pricing page.


StackHawk alternatives

  • Intruder
    More geared towards broader cybersecurity compliance and vulnerability management. Has more momentum in terms of website traffic and employee growth. Provides real-time scanning and network scanning, unlike StackHawk. Users highlight its user-friendly interface, comprehensive scanning, and clear remediation advice. However, some users find it expensive. A good StackHawk competitor for businesses focused on continuous security monitoring.
  • Bright Security
    Has faster website traffic growth and employee growth. G2 reviews are higher, but Glassdoor reviews are lower. Implementation may be easier.
  • HCL AppScan
    Better for comprehensive security testing and centralized reporting. More established, with significantly more website traffic and employee growth. However, note the negative pricing sentiment from users. Those with smaller budgets or prioritizing developer experience may prefer an HCL AppScan alternative.
  • Astra Pentest
    Better for larger companies and compliance needs. Offers infrastructure scanning, unlike StackHawk. Has broader platform support, including web, iOS, and Android. Experiencing faster growth.
  • Microsoft Defender for Cloud
    Better for cloud security posture management across multiple cloud platforms and hybrid environments. Wider industry applicability, suitable for Healthcare, Consumer Goods, Manufacturing, Hospitality, Software/IT, and Automotive industries. Has more momentum based on website traffic and employee growth. Users appreciate real-time threat detection and seamless integration with Microsoft tools. However, users note its complex pricing and potential for alert overload.
  • Dynatrace
    Better fit for larger organizations needing application performance monitoring and infrastructure insights. Has broader industry applicability and more momentum. Users highlight automated instrumentation and AI-powered diagnostics. However, licensing costs can be difficult to estimate. A strong StackHawk competitor and alternative.

StackHawk FAQ

  • What is StackHawk and what does StackHawk do?

    StackHawk is an application security testing tool that helps developers find and fix vulnerabilities in their web applications and APIs. It integrates with existing workflows and CI/CD pipelines, enabling automated security testing early in the development process. This helps teams release secure software faster.

  • How does StackHawk integrate with other tools?

    StackHawk integrates seamlessly with CI/CD pipelines like Jenkins and GitHub Actions. It also integrates with Snyk for deeper analysis and supports various API technologies for comprehensive API scanning. This allows developers to automate security testing within their existing workflows.

  • What are the main competitors of StackHawk?

    StackHawk's main competitors include Intruder, Bright Security, and Jit. These alternatives offer similar application security testing capabilities, focusing on developer-friendly integrations and vulnerability detection. Other competitors like Wiz, HCL AppScan, and Microsoft Defender for Cloud provide broader security solutions encompassing cloud infrastructure and compliance.

  • Is StackHawk legit?

    Yes, StackHawk is a legitimate security testing tool. It helps find and fix vulnerabilities in applications and APIs, integrating with existing workflows for streamlined security checks. User reviews praise its configurability and customer support. StackHawk prioritizes developer-centric security practices and is safe for implementing application security testing.

  • How much does StackHawk cost?

    StackHawk's pricing information is not publicly available. Contact StackHawk directly to determine if the product and its features are worth the investment for your needs.

  • Is StackHawk customer service good?

    StackHawk's customer service receives overwhelmingly positive feedback. Users praise the support team's responsiveness, helpfulness, and thoroughness in resolving issues and answering questions. The readily available support, including a helpful bot, contributes to a positive customer experience.


Reviewed by

Michal Kaczor
CEO at Gralio

Michal has worked at startups for many years and writes about topics relating to software selection and IT management. As a former consultant for Bain, a business advisory company, he also knows how to understand the needs of any business and find solutions to its problems.

Tymon Terlikiewicz
CTO at Gralio

Tymon is a seasoned CTO who loves finding the perfect tools for any task. He recently headed up the tech department at Batmaid, a well-known Swiss company, where he managed about 60 software purchases, including CX, HR, Payroll, Marketing automation and various developer tools.