I use the solution to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code. The tool helps identify any vulnerabilities present in the code, providing precise information about the code that contains vulnerabilities.
In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions.
If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities.
Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.
Rapid7 InsightAppSec needs improvement in detecting phishing pages.
I have been using the product for four years.
I rate the solution's stability a six out of ten. There have been instances where fetching data, even for old users, took a long time.
I would rate the scalability at an eight out of ten on a scale from one to ten. There are occasional challenges with the product, particularly in onboarding, where delays can be experienced. This delay sometimes makes it difficult to address issues promptly, and reliance on queries may not always yield the desired results due to occasional bugs. Additionally, there have been instances where data retrieval after deployment takes time, sometimes up to 30 minutes to an hour. Scanning a single website can also be time-consuming, ranging from 25 to 30 minutes, and for multi-vendor e-commerce websites, it may take even longer to scan the entire site.
The initial setup is easy, to the extent that even a non-IT person can set it up.
Rapid7 InsightAppSec is cheap.
In a scenario involving the tool and preventing potential security breaches, let's consider a case where a security feature is deployed using Rapid7 InsightAppSec. Although I haven't personally experienced this, I can provide an example. Suppose there is a vulnerability in WordPress or Apache servers, and it identifies a new one-level zero-day attack template associated with it. In this case, it may have detected this vulnerability three months after its initial occurrence.
We utilize dynamic application security testing. It involves deploying an application by onboarding it onto a device, which is then linked to the application. The notable aspect is that we don't need to maintain a server for this process. Instead, we simply log in and configure Splunk Enterprise to connect with the product. There is no need to deploy a separate server. It provides clear, step-by-step instructions, including the provision of a dynamic key by the application, making it easy to implement with documentation.
I rate it an eight out of ten.