CloudCheckr vs Rapid7 InsightAppSec comparison

"The solution is mostly stable."

"The recommendation section is pretty helpful."

"It's one of the leading players for cloud optimization. It's hard to find anything better."

"CloudCheckr has impacted my organization positively by making things easier and saving time, approximately three hours a week."

"It will automatically suggest areas for optimization."

"The most valuable feature of CloudCheckr CMx High Security is granular reporting. Additionally, the user interface is easy to use."

"CloudCheckr has enabled an average cost saving of approximately 25% from the last year, and this occurred while also increasing the scale of production."

"The solution is scalable for our purposes."

"Relatively speaking, InsightAppSec is good compared to Insight VM."

"The solution is stable."

"Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective."

"I rate stability ten out of ten."

"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."

"When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports."

"The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."

"The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset."

"CloudCheckr CMx High Security is complex. There are a lot of menus, and if you do not know what you are looking for you can get lost. However, the interface is self-explanatory. It's easy to understand where to go to get what you want."

"The solution must improve its user interface."

"The solution needs to work better with larger capacities of data."

"Some aspects could be made more customizable, such as the dashboard and UI."

"What needs to be improved in CloudCheckr CMx High Security is integration. All the clouds are going quite fast, for example, all the cloud providers: Microsoft, Google, etc. CloudCheckr CMx High Security is good with AWS, no doubt about it, but with Azure and Google Cloud, I find that the solution is slow in that direction. If the vendor planned for CloudCheckr CMx High Security to be automated just for AWS, then it does make sense. If not, if the vendor is also targeting good integration with Google and Microsoft, then CloudCheckr CMx High Security integration needs improvement, in particular, it has to be faster. At the moment, its integration with Azure is not as good as its integration with AWS. With GCP, integration is nowhere."

"Self-healing could be a bit smoother and a bit cleaner, easier to access and more functional. That would help."

"The reporting and analytic capabilities are very limited."

"The performance of the tool really needs to be improved."

"Rapid7 InsightAppSec needs improvement in detecting phishing pages."

"In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives."

"We get a lot of false positives during the tests."

"There is room for improvement in the response time of customer service and support levels."

"The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations."

"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."

"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."

"When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved."

"The cost is on par with other providers."

"The solution is reasonably priced."

"A license is needed to use CloudCheckr CMx High Security, but because we are a managed service provider, the price of the license would vary. It depends on the type of cloud users we have, for example, it would be some type of percentage or monthly billing, etc."

"I'm not sure how much it costs exactly, but I know it's expensive."

"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."

"Its price is competitive. It is not expensive."

"The price of this product is very cheap."

"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."

"Rapid7 InsightAppSec is cheap."