Rapid7 AppSpider Reviews

We are a distributor for Rapid7 and AppSpider is one of the products that we implement for our clients.

It does a scan that performs about 100 checks on web applications and produces a clear report on all of the vulnerabilities that are found. It is a dynamic scanner.

The reporting is very nice. There are many different reports and they include remediation details such as links as to where you can find patches.

It is really accurate and the rate of false positives is very low.

It can be integrated with the software development life cycle, which our customers have found very useful. It also integrates with Jira and other ticketing solutions.

With AppSpider, you can scan only one application at a time. If you have AppSpider Enterprise then you can connect one or two more scanners and scan multiple applications at one time.

Support response times are slow and can be improved.

I have been working with Rapid7 AppSpider for a month or two.

AppSpider is pretty stable.

I have tried a couple of open source solutions like Burp Suite but nothing that is in competition with AppSpider.

The initial setup is pretty straightforward. If the user has a Windows machine then they just download the file and press Next several times. That's it. The deployment will take perhaps 20 minutes, although if there are network issues then it might take up to an hour.

We deploy AppSpider on a laptop and it is easier that way because you can take it in and out of the domain. You can connect with the web apps where they are.

It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once.

My advice to anybody who is considering this solution is that there are other products out there, and everyone has their own requirements. If AppSpider meets the requirements then it is a great one to implement.

I would rate this solution an eight out of ten.

We are using Rapid 7 AppSpider mainly for mining data and looking for market manipulations.

The most valuable feature is the ability to mine data.

The dashboard and interface are crucial and they need some improvement.

I have been using Rapid7 AppSpider for two or three years.

I would say that it is stable, as I am not aware of any major issues.

I don't know if it is scalable, as we haven't gotten to that stage yet. We are still testing it on quantities and conditions. Theoretically, yes, it's scalable.

We have between 10 and 20 users.

I have not contacted technical support, nor do I know of anybody in the company who has.

This is a product that I would recommend.

I would rate this solution a seven out of ten.

We primarily use the solution for compliance control. Our clients prefer to be audited several times a year.

The reporting on the solution is very good. You can choose between pulling a full report or a brief report if you like. It will show, in each section, if it passed or failed. If you utilize the full report, you'll get an explanation as to why it passed or failed as well, for example, each PCI DSS item will be marked as N/A, Passed or Failed (with details in full report).

The solution scans everything, including sub-domains that were not specified.

The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product.

The solution is very portable and light.

There are some reports that are not so good. They could provide scanning or compliance on some of them.

The solution is too slow. It could take a full day to scan. Competitors are much faster.

The solution is very stable because it generates its own internal data. All logs in a dedicated scan go onto one local database (Microsoft Access database format), and in a separate folder, and you can go there after a year, or two, or more, and just look inside for the index.html to open power of analysis, drill down, filter and report abilities that still work outside the main program.

We have a well-trained employee and access to distributors, so we've never dealt with technical support directly.

We did use a different solution, but we wanted to try this product and so far we really like it.

The initial setup isn't too complex. It's fairly typical. However, when you need some authentification on the page, it could get difficult. Therefore, it's best if you have someone on the team that's familiar with the installation process.

We handled the implementation ourselves. We both sell and use the solution.

We use the on-premises deployment model. I personally prefer the on-premises version over the cloud version.

I'd recommend the solution, but only the on-premises deployment model as it's very portable and can reside on your workstation. You can use it to provide reports without having to be connected to the internet.

I'd rate the solution eight out of ten.

We use this solution for web application security testing. The Rapid7 AppSpider solution deployment project has come to address an organizational need that complies with the ISO27001 standard with the integration of the solution in the vulnerability management processes as well as the change management process in its phase audit before going into production.

All of our solutions are on-premises because are regulatory requirements state that they must be in order to comply with security. They do not want data to be available on the cloud in different parts of the world, so it must not leave the country.

The most valuable feature is the reporting, which is compliant with international standards. This solution will notify us about different RPGs, including the critical ones, and can report on risk or measure risk. Once we have this information then we can relay it to our internal developers.

This solution performs well and is very efficient.

This price of this solution is a little bit expensive. The average cost is still good for us because our budget is more open to security solutions. We need twenty-four-hour security because we are a bank.

In terms of stability, this is a very good solution.

This is a scalable solution.

The technical support for this solution is responsive.

I have used Nessus in the past, and the performance of Rapid7 is better.

The initial setup of this solution is not complex, and it is easy to implement.

We needed to install the virtual machine and the virtual service, which is recommended by Rapid7. The deployment took approximately one week. After this, integration all of our applications took approximately one month.

Two people are required for maintenance. There is me, and then my backup when I am not available.

We have an integrator that assisted us with the implementation. Their name is Nevo Technologies and they are in Morocco, with headquarters in the US.

Three engineers worked on the deployment.

We did not evaluate other options before choosing this solution.

This solution is a leader in the industry.

The reporting is really important for us. We are certified and we are compliant.

We needed both AppSpider and Nexpose to complete for our requirements. It also has another useful module called Metasploit.

My advice is that everybody should try this solution. It's excellent.

I would rate this solution a ten out of ten.

We put Rapid7 AppSpider on the application scans for our network.

The identification mechanism can enhance each scan through consideration options. These can be enhanced in terms of identifications and the parameters.

Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements.

Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan.

The stability of Rapid7 AppSpider is good. 

The scalability for the product works very well.

The tech support from Rapid7 AppSpider is good. They contact us online in case of any open issues.

The initial setup is straightforward.

All aspects of Rapid7 AppSpider are good. On a scale from one to ten, I would rate this product an eight.

I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us.

The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great.

It has good features.