Rapid7 AppSpider Overview

Rapid7 AppSpider is the #22 ranked solution in AST tools. PeerSpot users give Rapid7 AppSpider an average rating of 7.0 out of 10. Rapid7 AppSpider is most commonly compared to Rapid7 InsightAppSec: Rapid7 AppSpider vs Rapid7 InsightAppSec. Rapid7 AppSpider is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution is the computer software sector, whose professionals account for 21% of all views.
Buyer's Guide

Download the Application Security Testing (AST) Buyer's Guide including reviews and more. Updated: November 2022

What is Rapid7 AppSpider?

SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

Rapid7 AppSpider was previously known as AppSpider.

Rapid7 AppSpider Customers

Microsoft

Archived Rapid7 AppSpider Reviews (more than two years old)

Agustinus DWIJOKO - PeerSpot reviewer
Network & Security Engineer at a comms service provider with 11-50 employees
Real User
Top 5
Scan web applications for vulnerabilities and automate testing with various engines
Pros and Cons
  • "When it is set up properly, it can do scanning on web apps with multiple engines automatically."
  • "AppSpider could improve in the area of integration. They need to add more integration opportunities."
  • "The enterprise interface is too simple. It should be more customizable."
  • "The tech support is responsive but issues remain unresolved."

What is our primary use case?

The customer that I handle right now uses AppSpider to scan web applications for vulnerabilities and application testing.  

What is most valuable?

For AppSpider there is more than one valuable feature. The distribution is good. With one console dashboard, we can integrate with one, two, or three different engines. When it is set up, each engine can do scanning on all of the web apps automatically.  

The integration is also good when it is available. For example, we are using Selenium to record usernames and passwords. Then we use the Selenium recording to automate the login and scanning of the apps. These are only two of the things that make AppSpider easy to work with.

What needs improvement?

AppSpider could improve in the area of integration. They need to add more opportunities. The documentation about integration with AppSpider is bad news and some integrations are quite difficult to do right now. It would be nice if we had a simple resource where we could look up on the internet what they are set up to integrate with. Some products will not currently integrate with AppSpider.   

The interface of the enterprise product is a bit too simple. It would be good if there were options for customizing the views more like a dashboard.  

For how long have I used the solution?

I do pre-sales for Rapid7 solutions and I have been doing that for around one or two years. I do not work with AppSpider day-to-day as part of my job, but I am doing presentations, POC (Proof of Concept), and I do some installations for our customers.  

For Rapid7, I also work with InsightVM and Metasploit doing presentations, POC, and installations for customers. We are a distributor for Rapid7 products.  

What do I think about the stability of the solution?

Because we are only using the product during POC and testing and not using it day-to-day, we do not test the stability under higher usage. Because of that, it is hard to judge stability accurately.  

What do I think about the scalability of the solution?

I do not have a lot of experience with the scalability of the product. I think it is scalable because it is easy to do a distribution installation. The ability to use just one dashboard to employ more than one engine is good. I think that shows the processes are scalable.  

Right now our clients are mostly medium enterprise businesses. We have not had the opportunity to scale to many larger organizations.  

How are customer service and support?

For InsightVM the technical support from Rapid7 has been good. If we create a ticket, we get feedback. But right now, one of our customers is a big telco in Indonesia. They are having a problem with an upgrade to Nexpose. The problem has remained unresolved for around one month already. The support only responded by saying that they will try to resolve this issue within six months. They suggested that we upgrade to the next Nexpose already, but it is still not resolved right now. Our customer is left still using the old Nexpose. It is not a good situation.

How was the initial setup?

To do the installation and initial setup is easy, I think. To use the app is where you need to have an expert in using the product. Even though I have had some experience with AppSpider and I do presentations, I think I still need more time to explore the product to understand it better. 

What other advice do I have?

On a scale of one to ten (where one is the worst and ten is the best), I would rate Rapid7 AppSpider as a seven or eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: distributor
PeerSpot user
Security Consultant at a tech vendor with 11-50 employees
Real User
Good reporting and integrates well into the software development lifecycle
Pros and Cons
  • "It is really accurate and the rate of false positives is very low."
  • "Support response times are slow and can be improved."

What is our primary use case?

We are a distributor for Rapid7 and AppSpider is one of the products that we implement for our clients.

It does a scan that performs about 100 checks on web applications and produces a clear report on all of the vulnerabilities that are found. It is a dynamic scanner.

What is most valuable?

The reporting is very nice. There are many different reports and they include remediation details such as links as to where you can find patches.

It is really accurate and the rate of false positives is very low.

It can be integrated with the software development life cycle, which our customers have found very useful. It also integrates with Jira and other ticketing solutions.

What needs improvement?

With AppSpider, you can scan only one application at a time. If you have AppSpider Enterprise then you can connect one or two more scanners and scan multiple applications at one time.

Support response times are slow and can be improved.

For how long have I used the solution?

I have been working with Rapid7 AppSpider for a month or two.

What do I think about the stability of the solution?

AppSpider is pretty stable.

Which solution did I use previously and why did I switch?

I have tried a couple of open source solutions like Burp Suite but nothing that is in competition with AppSpider.

How was the initial setup?

The initial setup is pretty straightforward. If the user has a Windows machine then they just download the file and press Next several times. That's it. The deployment will take perhaps 20 minutes, although if there are network issues then it might take up to an hour.

We deploy AppSpider on a laptop and it is easier that way because you can take it in and out of the domain. You can connect with the web apps where they are.

What's my experience with pricing, setup cost, and licensing?

It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once.

What other advice do I have?

My advice to anybody who is considering this solution is that there are other products out there, and everyone has their own requirements. If AppSpider meets the requirements then it is a great one to implement.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Program Director at a financial services firm with 201-500 employees
Real User
A stable solution used for mining market insights, but the interface needs improvement

What is our primary use case?

We are using Rapid7 AppSpider mainly for mining data and looking for market manipulations.

What is most valuable?

The most valuable feature is the ability to mine data.

What needs improvement?

The dashboard and interface are crucial and they need some improvement.

For how long have I used the solution?

I have been using Rapid7 AppSpider for two or three years.

What do I think about the stability of the solution?

I would say that it is stable, as I am not aware of any major issues.

What do I think about the scalability of the solution?

I don't know if it is scalable, as we haven't gotten to that stage yet. We are still testing it on quantities and conditions. Theoretically, yes, it's scalable.

We have between 10 and 20 users.

How are customer service and technical support?

I have not contacted technical support, nor do I know of anybody in the company who has.

What other advice do I have?

This is a product that I would recommend.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Andrei Bigdan - PeerSpot reviewer
Executive Manager at B2B-Solutions
Real User
Top 5
Great for scanning target sub-domains, good reporting functionality and easy to use
Pros and Cons
  • "The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
  • "The solution is too slow. It could take a full day to scan. Competitors are much faster."

What is our primary use case?

We primarily use the solution for compliance control. Our clients prefer to be audited several times a year.

What is most valuable?

The reporting on the solution is very good. You can choose between pulling a full report or a brief report if you like. It will show, in each section, if it passed or failed. If you utilize the full report, you'll get an explanation as to why it passed or failed as well, for example, each PCI DSS item will be marked as N/A, Passed or Failed (with details in full report).

The solution scans everything, including sub-domains that were not specified.

The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product.

The solution is very portable and light.

What needs improvement?

There are some reports that are not so good. They could provide scanning or compliance on some of them.

The solution is too slow. It could take a full day to scan. Competitors are much faster.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The solution is very stable because it generates its own internal data. All logs in a dedicated scan go into one local database (Microsoft Access database format) in a separate folder, and you can go there after a year, or two, or more, and just open the index.html inside to get the analysis, drill-down, filter and report abilities, which still work outside the main program.

How are customer service and technical support?

We have a well-trained employee and access to distributors, so we've never dealt with technical support directly.

Which solution did I use previously and why did I switch?

We did use a different solution, but we wanted to try this product and so far we really like it.

How was the initial setup?

The initial setup isn't too complex. It's fairly typical. However, when you need some authentication on the page, it could get difficult. Therefore, it's best if you have someone on the team that's familiar with the installation process.

What about the implementation team?

We handled the implementation ourselves. We both sell and use the solution.

What other advice do I have?

We use the on-premises deployment model. I personally prefer the on-premises version over the cloud version.

I'd recommend the solution, but only the on-premises deployment model as it's very portable and can reside on your workstation. You can use it to provide reports without having to be connected to the internet.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1152534 - PeerSpot reviewer
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
Real User
Efficient, performs well, and has good reporting that complies with international standards
Pros and Cons
  • "The most valuable feature is the reporting, which is compliant with international standards."
  • "The price of this solution is a little bit expensive."

What is our primary use case?

We use this solution for web application security testing. The Rapid7 AppSpider deployment project came to address an organizational need to comply with the ISO27001 standard, with the integration of the solution into the vulnerability management process as well as the change management process in its audit phase before going into production.

All of our solutions are on-premises because our regulatory requirements state that they must be in order to comply with security. They do not want data to be available on the cloud in different parts of the world, so it must not leave the country.

What is most valuable?

The most valuable feature is the reporting, which is compliant with international standards. This solution will notify us about different RPGs, including the critical ones, and can report on risk or measure risk. Once we have this information then we can relay it to our internal developers.

This solution performs well and is very efficient.

What needs improvement?

The price of this solution is a little bit expensive. The average cost is still good for us because our budget is more open to security solutions. We need twenty-four-hour security because we are a bank.

For how long have I used the solution?

We have been using this solution for six months.

What do I think about the stability of the solution?

In terms of stability, this is a very good solution.

What do I think about the scalability of the solution?

This is a scalable solution.

How are customer service and technical support?

The technical support for this solution is responsive.

Which solution did I use previously and why did I switch?

I have used Nessus in the past, and the performance of Rapid7 is better.

How was the initial setup?

The initial setup of this solution is not complex, and it is easy to implement.

We needed to install the virtual machine and the virtual service, which is recommended by Rapid7. The deployment took approximately one week. After this, integrating all of our applications took approximately one month.

Two people are required for maintenance. There is me, and then my backup when I am not available.

What about the implementation team?

We have an integrator that assisted us with the implementation. Their name is Nevo Technologies and they are in Morocco, with headquarters in the US.

Three engineers worked on the deployment.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

This solution is a leader in the industry.

The reporting is really important for us. We are certified and we are compliant.

We needed both AppSpider and Nexpose to cover our requirements. It also has another useful module called Metasploit.

My advice is that everybody should try this solution. It's excellent.

I would rate this solution a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Girish Kikkeri - PeerSpot reviewer
Cyber Security Consultant at Relevance Lab
Consultant
The identification mechanism can enhance each scan through consideration options
Pros and Cons
  • "Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
  • "Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."

What is our primary use case?

We put Rapid7 AppSpider on the application scans for our network.

How has it helped my organization?

The identification mechanism can enhance each scan through consideration options. These can be enhanced in terms of identifications and the parameters.

What is most valuable?

Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements.

What needs improvement?

Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan.

For how long have I used the solution?

We have been using Rapid7 AppSpider for only one year.

What do I think about the stability of the solution?

The stability of Rapid7 AppSpider is good. 

What do I think about the scalability of the solution?

The scalability for the product works very well.

How are customer service and technical support?

The tech support from Rapid7 AppSpider is good. They contact us online in case of any open issues.

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

All aspects of Rapid7 AppSpider are good. On a scale from one to ten, I would rate this product an eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Engineer
Real User
I like the ability the product has to detect vulnerabilities quickly, but the product needs to be able to scale

What is most valuable?

I like the ability the product has to detect vulnerabilities quickly once it has been released in our environment, and then display them to us.

What do I think about the stability of the solution?

The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great.

What other advice do I have?

It has good features.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user