Rapid7 InsightAppSec Reviews

Name: Rapid7 InsightAppSec
Brand: Rapid7
Rating: 4.1 (19 reviews)

4.1 out of 5

19 reviews
94% willing to recommend

What is Rapid7 InsightAppSec?

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Get the Rapid7 InsightAppSec Buyer's Guide and find out what your peers are saying about Rapid7 InsightAppSec, Checkmarx One, HCL AppScan and more!

Rapid7 InsightAppSec is the #3 ranked solution in top Dynamic Application Security Testing (DAST) solutions. PeerSpot users give Rapid7 InsightAppSec an average rating of 8.2 out of 10. Rapid7 InsightAppSec is most commonly compared to Checkmarx One: Rapid7 InsightAppSec vs Checkmarx One. Rapid7 InsightAppSec is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.

Helped 867,676 peers since 2012

Featured Rapid7 InsightAppSec reviews

Shritam Bhowmick

Vulnerability Management Lead at garrett

There are areas for improvements regarding false positives. Integration capabilities are lacking, as options for integrations with other tools such as SNOW, Jira, or other integration tools are not sufficient in Rapid7 InsightAppSec. The user interface sometimes has glitches, which may prevent appropriate results during navigation, and even when we get appropriate results, it can be impossible to export them to CSV records or download files. Regarding scalability, Rapid7 InsightAppSec is not a scalable solution for our industry due to limited integration capabilities. Rapid7 relies on another tool called InsightConnect, which requires additional investment, detracting from scalability. Another area that needs improvement is the integration of AI capabilities into the platform. Both Rapid7 InsightAppSec and InsightVM need to advance in that area. In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives. This necessitates improvement in their behavioral-based analytics feature.

Read full review

Krzysztof Witko

IT Security Engineer at a financial services firm with 51-200 employees

The previous product, AppSpyder, had a virtual patching module where we could generate patches for third-party web application firewalls, such as Imperva or F5. Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version. Virtual patching could help protect web pages shortly after finishing the scan process.

Read full review

SonNguyen3

Technical Manager at a computer software company with 11-50 employees

I use Rapid7 InsightAppSec for dynamic application security testing. My main focus is on the quality of detection, specifically detecting vulnerabilities correctly. I also use it to provide neat reports, which my security team can use for validation. These reports are user-friendly, allowing us to…

Read full review

Rapid7 InsightAppSec mindshare

As of September 2025, the mindshare of Rapid7 InsightAppSec in the Dynamic Application Security Testing (DAST) category stands at 9.5%, up from 9.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST) Market Share Distribution
Product	Market Share (%)
Rapid7 InsightAppSec	9.5%
OpenText Dynamic Application Security Testing	17.9%
HCL AppScan	14.3%
Other	58.3%

Dynamic Application Security Testing (DAST)

PeerResearch reports based on Rapid7 InsightAppSec reviews

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	Sep 19, 2025	Download
Product	Reviews, tips, and advice from real users	Sep 19, 2025	Download
Comparison	Rapid7 InsightAppSec vs HCL AppScan	Sep 19, 2025	Download
Comparison	Rapid7 InsightAppSec vs OpenText Dynamic Application Security Testing	Sep 19, 2025	Download
Comparison	Rapid7 InsightAppSec vs Checkmarx One	Sep 19, 2025	Download

Title	Rating	Mindshare	Recommending
Checkmarx One	3.8	13.5%	87%	71 interviews Add to research
HCL AppScan	3.9	14.3%	84%	43 interviews Add to research

Valuable Features

Rapid7 InsightAppSec offers seamless integration, robust web scanning, and a user-friendly interface. Customization in scanning, the attack replay feature, and easy setup enhance its value. It excels in dynamic application security with predefined templates and remediation capabilities, facilitating vulnerability management. The centralized dashboard provides critical insights, and its flexible deployment options support infrastructure needs. Reporting is accurate, though exporting issues exist due to browser settings.

"The reporting functionality is excellent."
"I would rate the technical support from Rapid7 a ten, indicating high-quality support."
"Rapid7 InsightAppSec helps us in both regulatory compliance and in strengthening our security posture."

Room for Improvement

Rapid7 InsightAppSec lacks detailed reporting and user-friendly interfaces. Scans have configuration issues, often duplicating or replacing settings, and false positives occur frequently. Integration with ticketing systems and other tools is limited, affecting scalability. The interface can be glitchy and exporting data is cumbersome. Improving static and interactive analysis, enhancing AI capabilities and better support for WAF integrations are needed. Users face high pricing and need expanded scanning beyond web applications.

"In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives."
"There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages."
"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."

ROI

Users indicated that Rapid7 InsightAppSec significantly enhanced their application security. They experienced faster vulnerability detection and remediation, improved compliance, and reduced risk exposure. Time savings and streamlined processes led to better resource allocation. Enhanced security oversight and effective threat management contributed to higher confidence in their defense capabilities.

Pricing

Rapid7 InsightAppSec pricing experiences vary, with many finding it cost-effective and competitive compared to alternatives, while some consider it expensive and comparable to IBM's pricing. Available licensing options include yearly licenses for teams and project-based models, allowing unlimited user additions. Some users highlight the 60-day free trial offering valuable insights. Pricing ratings range from four to eight out of ten, suggesting overall satisfaction among enterprises, despite the noted variations in cost perceptions.

"Rapid7 InsightAppSec is cheap."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"I'm not sure how much it costs exactly, but I know it's expensive."

Popular Use Cases

Users primarily utilize Rapid7 InsightAppSec for vulnerability scanning of web applications, APIs, and internal and external systems. It supports dynamic application security testing, penetration testing, and compliance checks. While praised for coverage and a user-friendly interface, users note limitations in integration options with tools like SNOW and Jira. They conduct scans during development stages and provide detailed reports for validation, addressing issues and ensuring security across various environments.

Service and Support

Rapid7 InsightAppSec technical support is generally helpful, knowledgeable, and responsive, with users appreciating its assistance. However, challenges are noted in response times, regional time zone management, lack of direct calling options, and reliance on ticket systems. Some users feel the quality of assistance depends on licensing, while suggestions for improvements in feedback integration and faster response are common. Support is available but limited mainly to email, with local offices proving beneficial.

Deployment

Rapid7 InsightAppSec's setup is straightforward and quick. Users find it easy, often taking less than an hour without extra help due to comprehensive documentation. Cloud-based deployment simplifies the process, requiring minimal personnel. Challenges are rare, but some face complexity with API scanning. Many appreciate the lack of maintenance needs, as Rapid7 handles it. Most users emphasize the system's ease of use, even for non-IT individuals, facilitating efficient deployments.

Scalability

Rapid7 InsightAppSec's cloud-based design enables easy scalability. Users find it simple to expand by adding licenses as needed. Many appreciate its adaptability in growth, though costs can be a barrier. The platform suits medium and large enterprises, although integration can be a limitation. Some experience onboarding delays and data retrieval issues. Scalability ratings vary from four to nine out of ten. Most agree it supports expanding user bases and applications effectively.

Stability

Rapid7 InsightAppSec is praised for its stability, with no significant concerns reported. Users find it reliable, experiencing minimal downtime and manageable challenges. Connectivity issues sometimes arise due to internet disruptions, requiring re-scanning. While there are minor challenges during patches, users appreciate prior notifications. Stability ratings vary, with some users noting delays in data fetching and concerns about false positives. However, it generally receives high ratings, often between eight and ten out of ten for stability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Rapid7 InsightAppSec Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	2
Large Enterprise	5

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	99
Midsize Enterprise	65
Large Enterprise	189

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

15%

Manufacturing Company

13%

Government

Retailer

Energy/Utilities Company

Insurance Company

Healthcare Company

Construction Company

Non Profit

Hospitality Company

University

Real Estate/Law Firm

Performing Arts

Educational Organization

Outsourcing Company

Recreational Facilities/Services Company

Wholesaler/Distributor

Media Company

Comms Service Provider

Logistics Company

Transportation Company

Pharma/Biotech Company

Leisure / Travel Company

Consumer Goods Company

Mining And Metals Company

Legal Firm

Compare Rapid7 InsightAppSec with alternative products

Learn more about Rapid7 InsightAppSec

Rapid7 InsightAppSec was previously known as InsightAppSec.

Rapid7 InsightAppSec customers

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Product Categories

Dynamic Application Security Testing (DAST)

Popular Comparisons

Checkmarx One vs Rapid7 InsightAppSec

HCL AppScan vs Rapid7 InsightAppSec

OpenText Dynamic Application Security Testing vs Rapid7 InsightAppSec

Invicti vs Rapid7 InsightAppSec

PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec

AppCheck vs Rapid7 InsightAppSec

See all alternatives

Rapid7 InsightAppSec Reviews Summary
Author info	Rating	Review Summary
Vulnerability Management Lead at garrett	3.5	We use Rapid7 InsightAppSec for internal and external application security assessments. It offers strong scan coverage and reporting. However, it needs better integration, fewer false positives, and enhanced AI capabilities. Its interface and scalability require improvement. We deploy via AWS.
Manager at a financial services firm with 5,001-10,000 employees	3.0	I used Rapid7 InsightAppSec alongside Insight VM for managing on-premises needs but found InsightAppSec better in web-based systems. Though it offers some good features, improvements are needed in customer support, integration, and pricing. I previously used different on-premises solutions.
Works	4.0	We use Rapid7 InsightAppSec primarily to scan for vulnerabilities in APIs and UIs, finding the remediation feature most valuable. However, report generation could be improved by allowing additional columns and CSV exports, as PDFs are cumbersome.
Head of Infrastructure at Pearl Data Direct	4.0	We use Rapid7 InsightAppSec mainly for securing our Java-based applications through monthly penetration tests. It excels in realistic threat simulation but needs improvements in customizable reporting and user interface. We also use Qualys WAS for vulnerability management.
IT Security Engineer at a financial services firm with 51-200 employees	4.0	I use InsightAppSec to help customers with environment scans, automating authorization effectively. However, it lacks virtual patching found in AppSpyder, which delays remediation. Competitors like Acunetix and Qualys have similar offerings. Deployment utilizes other cloud providers.
Technical Manager at a computer software company with 11-50 employees	4.0	No summary available
Cyber Security Trainer and Programmer at Freelancer	4.0	I use Rapid7 InsightAppSec to identify code vulnerabilities on dynamic and e-commerce websites. It features easy setup and configuration, includes integration through a CDM, and offers valuable insights and demo sessions. However, it could improve in detecting phishing pages.
Senior Cybersecurity Solutions Engineer at Trillium Information Security Systems	4.5	I use Rapid7 InsightAppSec for dynamic application security scanning of web applications to identify vulnerabilities. Its cloud platform eliminates the need for server deployment, but I wish it could also scan mobile and SaaS applications for comprehensive coverage.

Rapid7 InsightAppSec Reviews

What is Rapid7 InsightAppSec?

Featured Rapid7 InsightAppSec reviews

Rapid7 InsightAppSec mindshare

PeerResearch reports based on Rapid7 InsightAppSec reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Rapid7 InsightAppSec with alternative products

Learn more about Rapid7 InsightAppSec

Rapid7 InsightAppSec customers

Related questions

Product Categories

Popular Comparisons