IT Central Station is now PeerSpot: Here's why

Invicti vs Rapid7 InsightAppSec comparison

Cancel
You must select at least 2 products to compare!
Veracode Logo
49,629 views|28,481 comparisons
Invicti Logo
4,885 views|3,455 comparisons
Rapid7 Logo
3,150 views|2,404 comparisons
Featured Review
Buyer's Guide
Invicti vs. Rapid7 InsightAppSec
May 2022
Find out what your peers are saying about Invicti vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.
622,645 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail.""Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, "This function/method has security vulnerabilities," then suggests alternatives to fix it. Then, we adopt their suggestions of the tool. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability.""You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs.""The policy reporting for ensuring compliance with industry standards and regulations is pretty comprehensive, especially around PCI. If you do the static analysis, the dynamic analysis, and then a manual penetration test, it aggregates all of these results into one report. And then they create a PCI-specific report around it which helps to illustrate how the application adheres to different standards.""The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end.""The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use.""The Veracode technical support is very good. They are responsive and very knowledgeable.""The time savings has been tremendous. We saw ROI in the first six months."

More Veracode Pros →

"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy.""This tool is really fast and the information that they provide on vulnerabilities is pretty good.""The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support.""It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms.""The solution generates reports automatically and quickly."

More Invicti Pros →

"The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great.""It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."

More Rapid7 InsightAppSec Pros →

Cons
"The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it.""The reports on offer are too verbose.""I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use.""Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly.""The solution could improve the Dynamic Analysis Security Testing(DAST).""Sometimes, I get feedback from a developer saying, "They are scanning a Python code, but getting feedback around Java code." While the remediation and guidelines are there, improvement is still required, e.g., you won't get the exact guidelines, but you can get some sort of a high-level insights.""Another problem we have is that, while it is integrated with single sign-on—we are using Okta—the user interface is not great. That's especially true for a permanent link of a report of a page. If you access it, it goes to the normal login page that has nothing that says "Log in with single sign-on," unlike other software as a service that we use. It's quite bothersome because it means that we have to go to the Okta dashboard, find the Veracode link, and log in through it. Only at that point can we go to the permanent link of the page we wanted to access.""The training lab is not very user-friendly and takes a long time to set up."

More Veracode Cons →

"The scannings are not sufficiently updated.""They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one.""Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product.""Right now, they are missing the static application security part, especially web application security.""The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."

More Invicti Cons →

"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys.""In the future, if they can have integration with a lot of ticketing systems then it would be amazing."

More Rapid7 InsightAppSec Cons →

Pricing and Cost Advice
  • "I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good."
  • "Veracode's price is high. I would like them to better optimize their pricing."
  • "If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
  • "Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."
  • "We use this product per project rather than per developer... Your development model will really determine what the best fit is for you in terms of licensing, because of the project-based licensing. If you do a few projects, that's more attractive. If you have a large number of developers, that would also make the product a little more attractive."
  • "The pricing is really fair compared to a lot of other tools on the market."
  • "It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
  • "Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
  • More Veracode Pricing and Cost Advice →

  • "Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
  • More Invicti Pricing and Cost Advice →

  • "The price of this product is very cheap."
  • More Rapid7 InsightAppSec Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    622,645 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM… more »
    Top Answer:Veracode recently introduced some pricing based on microservices. This model gives us a lot of flexibility in being able… more »
    Top Answer:It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms.
    Top Answer:The pricing of the license is compatible with our budget.
    Top Answer:Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but… more »
    Top Answer:It uses a signature-based method to check for problems with your code and will provide an alert if anything is found.
    Top Answer:The performance can be improved. I would like a facility to monitor applications after they have been scanned. For… more »
    Top Answer:We use Rapid7 for application security. We use it ourselves and we also provide services for our customers. The primary… more »
    Comparisons
    Also Known As
    Mavituna Netsparker
    InsightAppSec
    Learn More
    Overview

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker's unique and dead accurate Proof-Based scanning technology does not just report vulnerabilities, it also produces a Proof of Concept to confirm they are not false positives, freeing you from having to double check the identified vulnerabilities.

    Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

    Offer
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Learn more about Invicti
    Learn more about Rapid7 InsightAppSec
    Sample Customers
    State of Missouri, Rekner
    Samsung, The Walt Disney Company, T-Systems, ING Bank
    CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace
    Top Industries
    REVIEWERS
    Financial Services Firm31%
    Insurance Company11%
    Computer Software Company11%
    Healthcare Company7%
    VISITORS READING REVIEWS
    Computer Software Company26%
    Comms Service Provider14%
    Financial Services Firm12%
    Manufacturing Company7%
    REVIEWERS
    Computer Software Company29%
    Aerospace/Defense Firm14%
    Real Estate/Law Firm14%
    Insurance Company14%
    VISITORS READING REVIEWS
    Computer Software Company28%
    Comms Service Provider18%
    Financial Services Firm9%
    Government7%
    VISITORS READING REVIEWS
    Computer Software Company26%
    Comms Service Provider16%
    Financial Services Firm7%
    Retailer7%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise27%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    REVIEWERS
    Small Business53%
    Midsize Enterprise6%
    Large Enterprise41%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise16%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise19%
    Large Enterprise63%
    Buyer's Guide
    Invicti vs. Rapid7 InsightAppSec
    May 2022
    Find out what your peers are saying about Invicti vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.
    622,645 professionals have used our research since 2012.

    Invicti is ranked 13th in Application Security Tools with 5 reviews while Rapid7 InsightAppSec is ranked 2nd in Dynamic Application Security Testing (DAST) with 2 reviews. Invicti is rated 7.8, while Rapid7 InsightAppSec is rated 9.6. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of Rapid7 InsightAppSec writes "Easy to use, amazing technical support, and it provides alerts when problems in code are identified". Invicti is most compared with Acunetix, OWASP Zap, PortSwigger Burp Suite Professional, HCL AppScan and Snyk, whereas Rapid7 InsightAppSec is most compared with Rapid7 AppSpider, OWASP Zap, PortSwigger Burp Suite Professional, HCL AppScan and Fortify WebInspect. See our Invicti vs. Rapid7 InsightAppSec report.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.