No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 AppSpider vs Tenable.io Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 AppSpider
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
Static Application Security Testing (SAST) (30th)
Tenable.io Web Application ...
Average Rating
7.8
Reviews Sentiment
5.8
Number of Reviews
18
Ranking in other categories
Application Security Tools (22nd)
 

Mindshare comparison

Rapid7 AppSpider and Tenable.io Web Application Scanning aren’t in the same category and serve different purposes. Rapid7 AppSpider is designed for Static Application Security Testing (SAST) and holds a mindshare of 0.8%, up 0.5% compared to last year.
Tenable.io Web Application Scanning, on the other hand, focuses on Application Security Tools, holds 1.3% mindshare, up 1.3% since last year.
Static Application Security Testing (SAST) Mindshare Distribution
ProductMindshare (%)
Rapid7 AppSpider0.8%
SonarQube14.2%
Checkmarx One9.1%
Other75.9%
Static Application Security Testing (SAST)
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Tenable.io Web Application Scanning1.3%
SonarQube12.4%
Checkmarx One8.2%
Other78.1%
Application Security Tools
 

Featured Reviews

HW
Marketing Expert at J's communication
Clients benefit from broad authentication and effective crawling but need localization improvements
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization.…
HL
Security Analyst at TOPNET
Web audits have identified vulnerabilities and now provide clear visibility into compliance gaps
We have experience with Tenable.io Web Application Scanning, and we use it as well; we have approximately ten licenses for web application scanning. We use it to find vulnerabilities, but Tenable.io Web Application Scanning does not include remediation; we remediate with other products. We use the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"The setup is usually straightforward."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information, and you don't need specialized skills to use the product."
"Customer service has been quite good."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"It is really accurate and the rate of false positives is very low."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"Our primary use case for the solution is automated scanning; it doesn't require scripting knowledge or any of those suites or other tools, so it is fully automated, and we provide the credentials and URL and the tool does all scanning and will show the result per the requirement."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
"All the features are valuable to us as they offer cutting-edge scanning methods and address the latest issues with a contemporary approach. Tenable.io Web Application Scanning is highly stable. I rate it a nine out ten. Since the solution works on the Cloud, it's highly scalable. I rate the scalability a nine out of ten. The setup of the solution is straightforward. The Return on Investment is substantial. I recommend the solution to all."
"Tenable.io Web Application Scanning is very easy to use, provides very reliable results, and is easily managed by someone who lacks prior knowledge, information, or experience."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"We can get detailed information about vulnerabilities."
"The solution is stable."
 

Cons

"AppSpider has some problems with the RAM needed while scanning."
"This price of this solution is a little bit expensive."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"Support response times are slow and can be improved."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"There are some glitches with stability, and it is an area for improvement."
"It needs better integration with mobile applications."
"We have encountered some problems with the technical support from Tenable; I would rate it a five out of ten. It is not efficacious, especially the first-level support."
"The report customization needs to be better."
"I would like for them to add intervening proxy, whereby you can alter the get/put requests."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
"The reporting has a very limited customization capability."
"The dashboard could be more user-friendly."
"Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."
 

Pricing and Cost Advice

"The licensing cost depends on the number of users."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The price is pretty fair."
"For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes."
"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."
"I rate the product's pricing a four out of ten."
"Tenable.io Web Application Scanning is expensive for small businesses."
"The pricing is okay."
"It follows the same licensing scheme as Tenable.io and Tenable. sc."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
903,996 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
11%
University
10%
Financial Services Firm
9%
Construction Company
7%
Financial Services Firm
14%
Manufacturing Company
9%
Computer Software Company
8%
Construction Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise2
Large Enterprise1
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise5
Large Enterprise7
 

Questions from the Community

What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
What is your primary use case for Rapid7 AppSpider?
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments.
What needs improvement with Tenable.io Web Application Scanning?
If there were a solution, I would like to see automation and an integrated remediation solution for vulnerability or patch management.
What advice do you have for others considering Tenable.io Web Application Scanning?
I do not understand what API approach means; I do not understand this term. I think Tenable.io Web Application Scanning is the best option on the market at the moment. My review rating for this pro...
What is your experience regarding pricing and costs for Tenable.io Web Application Scanning?
I think the price is expensive. We do not have an idea of how much we have to pay approximately, but comparing to other products, Tenable.io Web Application Scanning is expensive.
 

Also Known As

AppSpider
No data available
 

Overview

 

Sample Customers

Microsoft
IMDEX
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Static Application Security Testing (SAST). Updated: June 2026.
903,996 professionals have used our research since 2012.