IT Central Station is now PeerSpot: Here's why

Rapid7 InsightAppSec vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Rapid7 Logo
3,174 views|2,430 comparisons
Veracode Logo
51,336 views|29,264 comparisons
Featured Review
Buyer's Guide
Rapid7 InsightAppSec vs. Veracode
May 2022
Find out what your peers are saying about Rapid7 InsightAppSec vs. Veracode and other solutions. Updated: May 2022.
610,518 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found.""The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."

More Rapid7 InsightAppSec Pros →

"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up.""The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end.""My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous.""Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool.""The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful.""The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use.""There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic.""The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."

More Veracode Pros →

Cons
"In the future, if they can have integration with a lot of ticketing systems then it would be amazing.""The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."

More Rapid7 InsightAppSec Cons →

"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results.""There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed.""Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly.""The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs.""Sometimes, I get feedback from a developer saying, "They are scanning a Python code, but getting feedback around Java code." While the remediation and guidelines are there, improvement is still required, e.g., you won't get the exact guidelines, but you can get some sort of a high-level insights.""Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had.""The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there.""The product has issues with scanning."

More Veracode Cons →

Pricing and Cost Advice
  • "The price of this product is very cheap."
  • More Rapid7 InsightAppSec Pricing and Cost Advice →

  • "I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good."
  • "Veracode's price is high. I would like them to better optimize their pricing."
  • "If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
  • "Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."
  • "We use this product per project rather than per developer... Your development model will really determine what the best fit is for you in terms of licensing, because of the project-based licensing. If you do a few projects, that's more attractive. If you have a large number of developers, that would also make the product a little more attractive."
  • "The pricing is really fair compared to a lot of other tools on the market."
  • "It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
  • "Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
  • More Veracode Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
    610,518 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:It uses a signature-based method to check for problems with your code and will provide an alert if anything is found.
    Top Answer:The performance can be improved. I would like a facility to monitor applications after they have been scanned. For example, when new programming is done, an application should be scanned again because… more »
    Top Answer:We use Rapid7 for application security. We use it ourselves and we also provide services for our customers. The primary use is for checking security assessments of web applications. If you need code… more »
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Top Answer:Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they… more »
    Top Answer:Veracode recently introduced some pricing based on microservices. This model gives us a lot of flexibility in being able to add and remove microservices and scale them that way. The pricing is solid… more »
    Ranking
    Views
    3,174
    Comparisons
    2,430
    Reviews
    2
    Average Words per Review
    339
    Rating
    9.5
    2nd
    Views
    51,336
    Comparisons
    29,264
    Reviews
    24
    Average Words per Review
    1,440
    Rating
    8.1
    Comparisons
    Also Known As
    InsightAppSec
    Learn More
    Overview

    Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    Offer
    Learn more about Rapid7 InsightAppSec
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Sample Customers
    CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace
    State of Missouri, Rekner
    Top Industries
    VISITORS READING REVIEWS
    Computer Software Company27%
    Comms Service Provider16%
    Retailer7%
    Financial Services Firm6%
    REVIEWERS
    Financial Services Firm31%
    Insurance Company11%
    Computer Software Company11%
    Healthcare Company7%
    VISITORS READING REVIEWS
    Computer Software Company27%
    Comms Service Provider14%
    Financial Services Firm12%
    Manufacturing Company7%
    Company Size
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise19%
    Large Enterprise62%
    REVIEWERS
    Small Business24%
    Midsize Enterprise27%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    Buyer's Guide
    Rapid7 InsightAppSec vs. Veracode
    May 2022
    Find out what your peers are saying about Rapid7 InsightAppSec vs. Veracode and other solutions. Updated: May 2022.
    610,518 professionals have used our research since 2012.

    Rapid7 InsightAppSec is ranked 2nd in Dynamic Application Security Testing (DAST) with 2 reviews while Veracode is ranked 2nd in Application Security with 24 reviews. Rapid7 InsightAppSec is rated 9.6, while Veracode is rated 8.0. The top reviewer of Rapid7 InsightAppSec writes "Easy to use, amazing technical support, and it provides alerts when problems in code are identified". On the other hand, the top reviewer of Veracode writes "Good reporting, comprehensive interface, and integrates well into our build pipeline". Rapid7 InsightAppSec is most compared with Rapid7 AppSpider, OWASP Zap, PortSwigger Burp Suite Professional, Invicti and HCL AppScan, whereas Veracode is most compared with SonarQube, Checkmarx, Micro Focus Fortify on Demand, Coverity and OWASP Zap. See our Rapid7 InsightAppSec vs. Veracode report.

    We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.