We performed a comparison between Rapid7 InsightAppSec and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a very robust solution."
"The most valuable feature of this solution is the graphical interface."
"We have seen measurable decrease in the mean time to respond to threats by 20 percent."
"The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."
"It is very convenient to get reports from the tool, which offers high-level environmental statistics."
"It's very easy to use and user-friendly. It does the job."
"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."
"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."
"Code analysis tool to help identify code issues before entered into production."
"The SCA, agent-based analysis, is valuable. SAST and DAST take time, while this is quite fast. It gives the results very quickly. We have implemented it into our CI/CD pipeline."
"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."
"The source composition analysis component is great because it gives our developers some comfort in using new libraries."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"The most valuable feature is Veracode SDP, which allows for something related to third-party vulnerabilities. When we build a product, we use a lot of third-party libraries instead of building everything from scratch. We just use a library which is already been built; we just use that component in our product. Sometimes, these libraries may have bugs or issues, and it's hard to keep track of them because we use thousands of them."
"The most valuable features of the solution are its extensive reporting capabilities and user-friendly interface."
"The automation of Veracode is great because we no longer have to run manual testing."
"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."
"The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions."
"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."
"We get a lot of false positives during the tests."
"Rapid7 InsightAppSec needs improvement in detecting phishing pages."
"In the future, if they can have integration with a lot of ticketing systems then it would be amazing."
"We'd like to see integrations with WAF solutions."
"The product’s pricing could be flexible."
"The interface is one thing I find a little challenging. Veracode's interface feels a little outdated compared to other solutions, and it could be modernized. I'm mostly happy with the features, but Vercaode could add Docker image scanning."
"False positives are a problem. Sometimes the flow paths are not accurate and don't represent real attack vectors, but this happens with every application that performs static analysis of the code. But it's under control. The number of false positives is not so high that it is unmanageable on our side."
"The feature that allows me to read which mitigation answer was submitted, and to approve it, requires me to use do so in different screens. That makes it a little bit more complicated because I have to read and then I have to go back and make sure it falls under the same number ID number. That part is a little bit complicated from my perspective, because that's what I use the most."
"In the last month or so, I had a problem with the APIs when doing some implementations. The Veracode support team could be more specific and give me more examples. They shouldn't just copy the URL for a doc and send it to me."
"On-premise implementation is not available."
"It can take time to find options if you don’t use the interface a lot. At some point, a bit of interface restyling may help."
"Their scanning engine is sometimes a little bit slow. They can improve the scan time."
"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."
Rapid7 InsightAppSec is ranked 3rd in Dynamic Application Security Testing (DAST) with 12 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Rapid7 InsightAppSec is rated 8.6, while Veracode is rated 8.2. The top reviewer of Rapid7 InsightAppSec writes "A highly scalable and robust product that enables users to automate scans". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Rapid7 InsightAppSec is most compared with Rapid7 AppSpider, OWASP Zap, Fortify WebInspect, PortSwigger Burp Suite Professional and HCL AppScan, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Rapid7 InsightAppSec vs. Veracode report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
