We changed our name from IT Central Station: Here's why

Rapid7 AppSpider OverviewUNIXBusinessApplication

Rapid7 AppSpider is #16 ranked solution in AST tools. PeerSpot users give Rapid7 AppSpider an average rating of 8 out of 10. Rapid7 AppSpider is most commonly compared to Rapid7 InsightAppSec: Rapid7 AppSpider vs Rapid7 InsightAppSec. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
What is Rapid7 AppSpider?

SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

Rapid7 AppSpider was previously known as AppSpider.

Buyer's Guide

Download the Application Security Testing (AST) Buyer's Guide including reviews and more. Updated: January 2022

Rapid7 AppSpider Customers

Microsoft

Rapid7 AppSpider Video

Archived Rapid7 AppSpider Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Andrei Bigdan
Assistant at Taras Shevchenko National University of Kyiv
Real User
Top 10
Great for scanning target sub-domains, good reporting functionality and easy to use
Pros and Cons
  • "The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
  • "The solution is too slow. It could take a full day to scan. Competitors are much faster."

What is our primary use case?

We primarily use the solution for compliance control. Our clients prefer to be audited several times a year.

What is most valuable?

The reporting on the solution is very good. You can choose between pulling a full report or a brief report if you like. It will show, in each section, if it passed or failed. If you utilize the full report, you'll get an explanation as to why it passed or failed as well, for example, each PCI DSS item will be marked as N/A, Passed or Failed (with details in full report).

The solution scans everything, including sub-domains that were not specified.

The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product.

The solution is very portable and light.

What needs improvement?

There are some reports that are not so good. They could provide scanning or compliance on some of them.

The solution is too slow. It could take a full day to scan. Competitors are much faster.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The solution is very stable because it generates its own internal data. All logs in a dedicated scan go onto one local database (Microsoft Access database format), and in a separate folder, and you can go there after a year, or two, or more, and just look inside for the index.html to open power of analysis, drill down, filter and report abilities that still work outside the main program.

How are customer service and technical support?

We have a well-trained employee and access to distributors, so we've never dealt with technical support directly.

Which solution did I use previously and why did I switch?

We did use a different solution, but we wanted to try this product and so far we really like it.

How was the initial setup?

The initial setup isn't too complex. It's fairly typical. However, when you need some authentification on the page, it could get difficult. Therefore, it's best if you have someone on the team that's familiar with the installation process.

What about the implementation team?

We handled the implementation ourselves. We both sell and use the solution.

What other advice do I have?

We use the on-premises deployment model. I personally prefer the on-premises version over the cloud version.

I'd recommend the solution, but only the on-premises deployment model as it's very portable and can reside on your workstation. You can use it to provide reports without having to be connected to the internet.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user1152534
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
Real User
Efficient, performs well, and has good reporting that complies with international standards
Pros and Cons
  • "The most valuable feature is the reporting, which is compliant with international standards."
  • "This price of this solution is a little bit expensive."

What is our primary use case?

We use this solution for web application security testing. The Rapid7 AppSpider solution deployment project has come to address an organizational need that complies with the ISO27001 standard with the integration of the solution in the vulnerability management processes as well as the change management process in its phase audit before going into production.

All of our solutions are on-premises because are regulatory requirements state that they must be in order to comply with security. They do not want data to be available on the cloud in different parts of the world, so it must not leave the country.

What is most valuable?

The most valuable feature is the reporting, which is compliant with international standards. This solution will notify us about different RPGs, including the critical ones, and can report on risk or measure risk. Once we have this information then we can relay it to our internal developers.

This solution performs well and is very efficient.

What needs improvement?

This price of this solution is a little bit expensive. The average cost is still good for us because our budget is more open to security solutions. We need twenty-four-hour security because we are a bank.

For how long have I used the solution?

We have been using this solution for six months.

What do I think about the stability of the solution?

In terms of stability, this is a very good solution.

What do I think about the scalability of the solution?

This is a scalable solution.

How are customer service and technical support?

The technical support for this solution is responsive.

Which solution did I use previously and why did I switch?

I have used Nessus in the past, and the performance of Rapid7 is better.

How was the initial setup?

The initial setup of this solution is not complex, and it is easy to implement.

We needed to install the virtual machine and the virtual service, which is recommended by Rapid7. The deployment took approximately one week. After this, integration all of our applications took approximately one month.

Two people are required for maintenance. There is me, and then my backup when I am not available.

What about the implementation team?

We have an integrator that assisted us with the implementation. Their name is Nevo Technologies and they are in Morocco, with headquarters in the US.

Three engineers worked on the deployment.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

This solution is a leader in the industry.

The reporting is really important for us. We are certified and we are compliant.

We needed both AppSpider and Nexpose to complete for our requirements. It also has another useful module called Metasploit.

My advice is that everybody should try this solution. It's excellent.

I would rate this solution a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about Rapid7, Checkmarx, OWASP and others in Application Security Testing (AST). Updated: January 2022.
564,143 professionals have used our research since 2012.
Girish Kikkeri
Cyber Security Consultant at Relevance Lab
Consultant
The identification mechanism can enhance each scan through consideration options
Pros and Cons
  • "Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
  • "Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."

What is our primary use case?

We put Rapid7 AppSpider on the application scans for our network.

How has it helped my organization?

The identification mechanism can enhance each scan through consideration options. These can be enhanced in terms of identifications and the parameters.

What is most valuable?

Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements.

What needs improvement?

Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan.

For how long have I used the solution?

We have been using Rapid7 AppSpider for only one year.

What do I think about the stability of the solution?

The stability of Rapid7 AppSpider is good. 

What do I think about the scalability of the solution?

The scalability for the product works very well.

How are customer service and technical support?

The tech support from Rapid7 AppSpider is good. They contact us online in case of any open issues.

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

All aspects of Rapid7 AppSpider are good. On a scale from one to ten, I would rate this product an eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer
Real User
I like the ability the product has to detect vulnerabilities quickly, but the product needs to be able to scale

What is most valuable?

I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us.

What do I think about the stability of the solution?

The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great.

What other advice do I have?

It has good features.

What is most valuable?

I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us.

What do I think about the stability of the solution?

The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great.

What other advice do I have?

It has good features.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Application Security Testing (AST) Report and find out what your peers are saying about Rapid7, Checkmarx, OWASP, and more!