Rapid7 InsightAppSec Overview

Rapid7 InsightAppSec is the #2 ranked solution among top Dynamic Application Security Testing (DAST) tools. PeerSpot users give Rapid7 InsightAppSec an average rating of 9.6 out of 10. Rapid7 InsightAppSec is most commonly compared to Rapid7 AppSpider. Rapid7 InsightAppSec is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, whose professionals account for 20% of all views.
Rapid7 InsightAppSec Buyer's Guide

Download the Rapid7 InsightAppSec Buyer's Guide including reviews and more. Updated: September 2022

What is Rapid7 InsightAppSec?

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Rapid7 InsightAppSec was previously known as InsightAppSec.

Rapid7 InsightAppSec Customers

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Rapid7 InsightAppSec Pricing Advice

What users are saying about Rapid7 InsightAppSec pricing:
  • "They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."
  • "The price of this product is very cheap."

Rapid7 InsightAppSec Reviews

    Nixon Bagalkoti - PeerSpot reviewer
    Cyber Security Lead at a media company with 201-500 employees
    Real User
    Top 5 Leaderboard
    A user-friendly, well-priced solution with Attack Replay feature and good customization options
    Pros and Cons
    • "You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."
    • "When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved."

    What is our primary use case?

    We are using it for DAST, dynamic scanning.

    What is most valuable?

    I like the user interface and the friendly nature of the tool. It is very user-friendly for anyone to use it. The customization part for scanning is also good. 

    You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well.

    What needs improvement?

    Scanning can be better. When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved.

    They need to work on the user interface and management of all the projects. Their support can also be improved a little.

    They should also focus on a wider integration scale and end-to-end scanning.

    For how long have I used the solution?

    It has been almost one year.

    What do I think about the stability of the solution?

    It is stable. Like most products, there is some downtime here and there when they do some patches. Sometimes, it might be stuck as well. So, there are minor challenges, but there is nothing major. The support is helpful during those challenges. Whenever they have some patches or planned downtime, they inform us well before so that we can prepare ourselves. For the past year, I did not face any major challenges.

    What do I think about the scalability of the solution?

    It is definitely scalable. We have been changing and upgrading its usage in phases.

    At present, we have more than 150 users. It is being used on a weekly or a monthly basis. We are only using it for dynamic scanning. Once the environment is ready, we run the scan. We have not automated the scans as of now. We will be doing that in the next quarter, and we will schedule the scans on a monthly or quarterly basis, where once we set the configuration for a particular project, the scan will automatically trigger. Currently, our release cycle is not consistent. That's the reason we have not automated it, but eventually, we will be doing that.

    How are customer service and support?

    When I joined, the agreement with Rapid7 was already in place. They have only email support, and if they have 24/7 phone support as well, that would be really helpful. Most of the technical support people are in the US time zone, whereas we span across different regions. We have a few folks in the UK and a few folks in India. We need to manage the time as well. So, we need a resolution as soon as possible. That is a little challenging for us at times. 

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I have used Fortify on Demand and other solutions. Each solution, whether it is Fortify, Qualys, or Veracode, has its own pros and cons. 

    Qualys has a wider integration scale, and also from the cloud perspective, when you want to install the Qualys agents on any of your ECS or VMs, it is usually easy to integrate. Rapid7 is also easy, but it doesn't offer anything to scan everything from end to end. It is still improving. I recently attended one of their sessions, and I know they are coming up with new features, but they need to fasten up based on what the current market is and what other products offer. 

    We have been using it only from the AppSec perspective, and it has been working well for us. If I go with Rapid7 for extensive use, including vulnerability management and infrastructure, it would become a little challenging for us because it doesn't offer so many features compared to Qualys or any other products.

    How was the initial setup?

    It is straightforward. You don't need to have any complex solutions for it. They do provide all the documentation with all the steps. It is easy to follow the documentation.

    It took a few hours to set it up. We did not immediately engage in it. We did the setup in phases. We modeled it that way. So, it was very quick for us because we had planned it that way. 

    What about the implementation team?

    It was implemented in-house. In terms of maintenance, it doesn't require much maintenance. So far, I have not seen any major maintenance requirements. There are only regular updates.

    What's my experience with pricing, setup cost, and licensing?

    They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter.

    It is worth the money. I would rate it a four out of five in terms of pricing.

    What other advice do I have?

    When you want to buy a tool, the main thing is whether it meets the requirements based on your business needs. In my previous company, I was in the financial sector, which has a lot of PCI transactions, et cetera. Now, I am in the media industry, and we don't have PCI transactions. It all depends on what kind of business you have, what are the requirements, and whether the product meets your requirements. For our needs, Rapid7 was the ideal go-to tool. Based on the budget, pricing, and features, we went for Rapid7.

    I would rate it a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    MohamedTaha - PeerSpot reviewer
    Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
    Real User
    Top 5 Leaderboard
    Easy to use, amazing technical support, and it provides alerts when problems in code are identified
    Pros and Cons
    • "It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."
    • "In the future, if they can have integration with a lot of ticketing systems then it would be amazing."

    What is our primary use case?

    We use Rapid7 for application security. We use it ourselves and we also provide services for our customers. The primary use is for checking security assessments of web applications. If you need code scanning or API integration, then AppSec provides these options.

    What is most valuable?

    This product is easy to use.

    It uses a signature-based method to check for problems with your code and will provide an alert if anything is found. It will also give recommendations as to how to fix the issues.

    What needs improvement?

    The performance can be improved.

    I would like a facility to monitor applications after they have been scanned. For example, when new programming is done, an application should be scanned again because sometimes they add a lot of pages and can affect it. The application should be monitored to protect you from future attacks or mistakes made by the developer team.

    In the future, if they can have integration with a lot of ticketing systems then it would be amazing. This would mean that if you're using any ticketing system, then because the application is already integrated with it, and if there's an issue with the web application, it will automatically open a support ticket for the development team.

    For how long have I used the solution?

    I have been working with Rapid7 InsightAppSec for two years.

    What do I think about the stability of the solution?

    I have not had any trouble with bugs or glitches.

    What do I think about the scalability of the solution?

    The scalability is good.

    How are customer service and technical support?

    The technical support is amazing. I have been in contact with the local office in Dubai, and they are very good.

    How was the initial setup?

    It is a cloud-based solution so the initial setup is very simple.

    You have an account, so you add the website to the application, and you should add your own website so that it has the authorization to scan your whole application.

    What's my experience with pricing, setup cost, and licensing?

    The price of this product is very cheap. A trial version is available for 60 days, where the reports and problem fixes are available for free.

    What other advice do I have?

    This is a product that I recommend and my advice for anybody who is interested in trying it, there is a free 60-day trial period where they will fix your problems without any payment. That will give you the opportunity to experiment with and gain experience scanning web applications.

    I would rate this solution a ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner