StackHawk

paid From $49/mo · Founded 2019 · cloud

Developer-DAST built on top of ZAP — CI-native, free tier, paid from $49/app/mo.

Free tier: free Developer plan — 1 application, limited scans/mo

Integrates directly into CI/CD pipelines, providing feedback within pull requests.
Offers a free developer plan for a single application with limited scans.
Built on the widely-used and well-understood open-source ZAP scanning engine.
Scans both traditional web applications and modern APIs (REST, GraphQL, SOAP).

Focuses exclusively on DAST, lacking integrated SAST or IAST capabilities.
The free plan is limited to one application and a small number of scans per month.
As a cloud-only solution, it may not suit organizations with strict on-premise requirements.
Relatively new to the market, founded in 2019, with a smaller feature set than legacy vendors.

Tags: web-appapidastdeveloperfree-tiersmall-teamcloud

Alternatives to StackHawk

freemium

AI-assisted DAST with free starter tier — paid plans from $99/mo, popular with SMB SaaS.

free

Most popular free open-source DAST scanner — active/passive web scanning, intercepting proxy, CI/CD integration.

freemium

Industry-standard pentest proxy — free Community for manual work, Pro $449/yr per user, Enterprise from $6,995/yr.

paid

Mature commercial DAST scanner from Invicti — quote-based, generally $4,500+/yr per target tier.