There are areas for improvements regarding false positives. Integration capabilities are lacking, as options for integrations with other tools such as SNOW, Jira, or other integration tools are not sufficient in Rapid7 InsightAppSec.

The user interface sometimes has glitches, which may prevent appropriate results during navigation, and even when we get appropriate results, it can be impossible to export them to CSV records or download files.

Regarding scalability, Rapid7 InsightAppSec is not a scalable solution for our industry due to limited integration capabilities. Rapid7 relies on another tool called InsightConnect, which requires additional investment, detracting from scalability.

Another area that needs improvement is the integration of AI capabilities into the platform. Both Rapid7 InsightAppSec and InsightVM need to advance in that area.

In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives. This necessitates improvement in their behavioral-based analytics feature.

View full review »

There is room for improvement in the response time of customer service and support levels. Rapid7 could improve the reporting and the depth of the research or assessment. Integration with other tools could also be enhanced. The pricing is also expensive, and I need a fairer price with potential discounts.

View full review »

There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages. View full review »

The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports. It would be beneficial if there were an option for customers to customize reports to include more details. 

Additionally, the interface is a bit complicated for new users, especially for configuring modern applications and APIs. An intuitive wizard-based configuration would be helpful.

View full review »

The previous product, AppSpyder, had a virtual patching module where we could generate patches for third-party web application firewalls, such as Imperva or F5. Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version. Virtual patching could help protect web pages shortly after finishing the scan process.

View full review »

Currently, I do not see any specific areas for improvement except for possibly lowering the price. View full review »

Rapid7 InsightAppSec needs improvement in detecting phishing pages. 

View full review »

The number of web applications we can scan is limited. There's a cost associated with how many web apps we want to scan.

View full review »

The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive.

It would be beneficial if the solution could also scan mobile applications. It only scans web applications, but it should also cover mobile applications, including firmware recommendations.

View full review »

Scanning can be better. When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved.

They need to work on the user interface and management of all the projects. Their support can also be improved a little.

They should also focus on a wider integration scale and end-to-end scanning.

View full review »

The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec. 

You can prepare a report, for example, but even inside the report, you must have some knowledge of Rapid7 and know how to explore certain vulnerabilities.

Out of five, I would rate Rapid7 a 3.5.

View full review »

The product’s pricing could be flexible compared to Acronis.

View full review »

We get a lot of false positives during the tests. 

View full review »

We'd like to see integrations with WAF solutions. That could be improved. 

Rapid7 has a new solution to test a secure application and integrate with the secure application, however, sometimes, our customer has a Web Application Firewall externally.

View full review »

They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity.

View full review »

The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions. 

The solution needs to have a softcore scan or scan that integrates better with the content.

View full review »

The performance can be improved.

I would like a facility to monitor applications after they have been scanned. For example, when new programming is done, an application should be scanned again because sometimes they add a lot of pages and can affect it. The application should be monitored to protect you from future attacks or mistakes made by the developer team.

In the future, if they can have integration with a lot of ticketing systems then it would be amazing. This would mean that if you're using any ticketing system, then because the application is already integrated with it, and if there's an issue with the web application, it will automatically open a support ticket for the development team.

View full review »

I find the AppSec interface for defining scans and targets a bit confusing at first, but with practice the logic of the operation flow is understood.

View full review »

I would like more details of what the product can do.

For the new vulnerabilities and information which comes out, I would like to see them do some specific in-house application testing for companies who do their own application development.

View full review »