Try our new research platform with insights from 80,000+ expert users
Rapid7 InsightAppSec Logo

Rapid7 InsightAppSec Reviews

Vendor: Rapid7
4.1 out of 5
Leave a review

What is Rapid7 InsightAppSec?

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Get the Rapid7 InsightAppSec Buyer's Guide and find out what your peers are saying about Rapid7 InsightAppSec, Checkmarx One, Veracode and more!
Rapid7 InsightAppSec is the #6 ranked solution in top Dynamic Application Security Testing (DAST) solutions and #15 ranked solution in top AI Observability solutions. PeerSpot users give Rapid7 InsightAppSec an average rating of 8.2 out of 10. Rapid7 InsightAppSec is most commonly compared to Checkmarx One: Rapid7 InsightAppSec vs Checkmarx One. Rapid7 InsightAppSec is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 14% of all views.
Buyer's Guide
Rapid7 InsightAppSec
December 2025
Get the report
Helped 879,310 peers since 2012

Featured Rapid7 InsightAppSec reviews

Read more reviews

Rapid7 InsightAppSec mindshare

As of December 2025, the mindshare of Rapid7 InsightAppSec in the Dynamic Application Security Testing (DAST) category stands at 6.0%, up from 3.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Dynamic Application Security Testing (DAST) Market Share Distribution
ProductMarket Share (%)
Rapid7 InsightAppSec6.0%
Veracode21.2%
Checkmarx One18.0%
Other54.8%
Dynamic Application Security Testing (DAST)

PeerResearch reports based on Rapid7 InsightAppSec reviews

TypeTitleDate
CategoryDynamic Application Security Testing (DAST)Dec 30, 2025Download
ProductReviews, tips, and advice from real usersDec 30, 2025Download
ComparisonRapid7 InsightAppSec vs VeracodeDec 30, 2025Download
ComparisonRapid7 InsightAppSec vs Checkmarx OneDec 30, 2025Download
ComparisonRapid7 InsightAppSec vs HCL AppScanDec 30, 2025Download
Suggested products
TitleRatingMindshareRecommending
Checkmarx One3.818.0%88%79 interviewsAdd to research
Veracode4.021.2%90%207 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Rapid7 InsightAppSec offers seamless integration, robust web scanning, and a user-friendly interface. Customization in scanning, the attack replay feature, and easy setup enhance its value. It excels in dynamic application security with predefined templates and remediation capabilities, facilitating vulnerability management. The centralized dashboard provides critical insights, and its flexible deployment options support infrastructure needs. Reporting is accurate, though exporting issues exist due to browser settings.
  • "Rapid7 InsightAppSec is a good product for dynamic application security testing, providing neat reports that include validation actions and helping to generate web application firewall rules for web applications."
  • "The reporting functionality is excellent."
  • "I would rate the technical support from Rapid7 a ten, indicating high-quality support."

Room for Improvement

Rapid7 InsightAppSec lacks detailed reporting and user-friendly interfaces. Scans have configuration issues, often duplicating or replacing settings, and false positives occur frequently. Integration with ticketing systems and other tools is limited, affecting scalability. The interface can be glitchy and exporting data is cumbersome. Improving static and interactive analysis, enhancing AI capabilities and better support for WAF integrations are needed. Users face high pricing and need expanded scanning beyond web applications.
  • "In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives."
  • "There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages."
  • "The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."

ROI

Users indicated that Rapid7 InsightAppSec significantly enhanced their application security. They experienced faster vulnerability detection and remediation, improved compliance, and reduced risk exposure. Time savings and streamlined processes led to better resource allocation. Enhanced security oversight and effective threat management contributed to higher confidence in their defense capabilities.

Pricing

Rapid7 InsightAppSec pricing experiences vary, with many finding it cost-effective and competitive compared to alternatives, while some consider it expensive and comparable to IBM's pricing. Available licensing options include yearly licenses for teams and project-based models, allowing unlimited user additions. Some users highlight the 60-day free trial offering valuable insights. Pricing ratings range from four to eight out of ten, suggesting overall satisfaction among enterprises, despite the noted variations in cost perceptions.
  • "Rapid7 InsightAppSec is cheap."
  • "I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
  • "I'm not sure how much it costs exactly, but I know it's expensive."

Popular Use Cases

Users primarily utilize Rapid7 InsightAppSec for vulnerability scanning of web applications, APIs, and internal and external systems. It supports dynamic application security testing, penetration testing, and compliance checks. While praised for coverage and a user-friendly interface, users note limitations in integration options with tools like SNOW and Jira. They conduct scans during development stages and provide detailed reports for validation, addressing issues and ensuring security across various environments.

Service and Support

Rapid7 InsightAppSec technical support is generally helpful, knowledgeable, and responsive, with users appreciating its assistance. However, challenges are noted in response times, regional time zone management, lack of direct calling options, and reliance on ticket systems. Some users feel the quality of assistance depends on licensing, while suggestions for improvements in feedback integration and faster response are common. Support is available but limited mainly to email, with local offices proving beneficial.

Deployment

Rapid7 InsightAppSec's setup is straightforward and quick. Users find it easy, often taking less than an hour without extra help due to comprehensive documentation. Cloud-based deployment simplifies the process, requiring minimal personnel. Challenges are rare, but some face complexity with API scanning. Many appreciate the lack of maintenance needs, as Rapid7 handles it. Most users emphasize the system's ease of use, even for non-IT individuals, facilitating efficient deployments.

Scalability

Rapid7 InsightAppSec's cloud-based design enables easy scalability. Users find it simple to expand by adding licenses as needed. Many appreciate its adaptability in growth, though costs can be a barrier. The platform suits medium and large enterprises, although integration can be a limitation. Some experience onboarding delays and data retrieval issues. Scalability ratings vary from four to nine out of ten. Most agree it supports expanding user bases and applications effectively.

Stability

Rapid7 InsightAppSec is praised for its stability, with no significant concerns reported. Users find it reliable, experiencing minimal downtime and manageable challenges. Connectivity issues sometimes arise due to internet disruptions, requiring re-scanning. While there are minor challenges during patches, users appreciate prior notifications. Stability ratings vary, with some users noting delays in data fetching and concerns about false positives. However, it generally receives high ratings, often between eight and ten out of ten for stability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Rapid7 InsightAppSec Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise5
By reviewers
By visitors reading reviews
Company SizeCount
Small Business86
Midsize Enterprise64
Large Enterprise174
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
13%
Government
9%
Retailer
5%
Energy/Utilities Company
5%
Insurance Company
4%
Healthcare Company
3%
University
3%
Construction Company
3%
Real Estate/Law Firm
3%
Hospitality Company
3%
Non Profit
3%
Media Company
2%
Performing Arts
2%
Educational Organization
2%
Wholesaler/Distributor
2%
Outsourcing Company
1%
Recreational Facilities/Services Company
1%
Logistics Company
1%
Mining And Metals Company
1%
Legal Firm
1%
Comms Service Provider
1%
Transportation Company
1%
Leisure / Travel Company
1%
Pharma/Biotech Company
1%
Marketing Services Firm
1%
Wellness & Fitness Company
1%
Consumer Goods Company
1%

Compare Rapid7 InsightAppSec with alternative products

Go!

Learn more about Rapid7 InsightAppSec

Rapid7 InsightAppSec was previously known as InsightAppSec.

Rapid7 InsightAppSec customers

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Related questions

  • 9
When evaluating Dynamic Application Security Testing (DAST), what aspect do you think is the most important to look for?
  • 14
Why is Dynamic Application Security Testing (DAST) important for companies?

Product Categories

Product Categories
Dynamic Application Security Testing (DAST)
AI Observability

Popular Comparisons

Popular Comparisons
Checkmarx One vs Rapid7 InsightAppSec Logo
Checkmarx One vs Rapid7 InsightAppSec
Veracode vs Rapid7 InsightAppSec Logo
Veracode vs Rapid7 InsightAppSec
HCL AppScan vs Rapid7 InsightAppSec Logo
HCL AppScan vs Rapid7 InsightAppSec
Invicti vs Rapid7 InsightAppSec Logo
Invicti vs Rapid7 InsightAppSec
OpenText Dynamic Application Security Testing vs Rapid7 InsightAppSec Logo
OpenText Dynamic Application Security Testing vs Rapid7 InsightAppSec
PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec Logo
PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec
Continuous Dynamic (formerly WhiteHat Dynamic) vs Rapid7 InsightAppSec Logo
Continuous Dynamic (formerly WhiteHat Dynamic) vs Rapid7 InsightAppSec
AppCheck vs Rapid7 InsightAppSec Logo
AppCheck vs Rapid7 InsightAppSec
StackHawk vs Rapid7 InsightAppSec Logo
StackHawk vs Rapid7 InsightAppSec
See all alternatives
 
Rapid7 InsightAppSec Reviews Summary
Author infoRatingReview Summary
Vulnerability Management Lead at garrett3.5We use Rapid7 InsightAppSec for internal and external application security assessments. It offers strong scan coverage and reporting. However, it needs better integration, fewer false positives, and enhanced AI capabilities. Its interface and scalability require improvement. We deploy via AWS.
Manager at a financial services firm with 5,001-10,000 employees3.0I used Rapid7 InsightAppSec alongside Insight VM for managing on-premises needs but found InsightAppSec better in web-based systems. Though it offers some good features, improvements are needed in customer support, integration, and pricing. I previously used different on-premises solutions.
Works4.0We use Rapid7 InsightAppSec primarily to scan for vulnerabilities in APIs and UIs, finding the remediation feature most valuable. However, report generation could be improved by allowing additional columns and CSV exports, as PDFs are cumbersome.
Head of Infrastructure at Pearl Data Direct4.0We use Rapid7 InsightAppSec mainly for securing our Java-based applications through monthly penetration tests. It excels in realistic threat simulation but needs improvements in customizable reporting and user interface. We also use Qualys WAS for vulnerability management.
IT Security Engineer at a financial services firm with 51-200 employees4.0I use InsightAppSec to help customers with environment scans, automating authorization effectively. However, it lacks virtual patching found in AppSpyder, which delays remediation. Competitors like Acunetix and Qualys have similar offerings. Deployment utilizes other cloud providers.
Technical Manager at a computer software company with 11-50 employees4.0No summary available
Cyber Security Trainer and Programmer at Freelancer4.0I use Rapid7 InsightAppSec to identify code vulnerabilities on dynamic and e-commerce websites. It features easy setup and configuration, includes integration through a CDM, and offers valuable insights and demo sessions. However, it could improve in detecting phishing pages.
Senior Cybersecurity Solutions Engineer at Trillium Information Security Systems4.5I use Rapid7 InsightAppSec for dynamic application security scanning of web applications to identify vulnerabilities. Its cloud platform eliminates the need for server deployment, but I wish it could also scan mobile and SaaS applications for comprehensive coverage.