The centralized dashboard feature is very important in Rapid7 InsightAppSec. As part of the red teaming, while vulnerability management is not the only thing I do, it's crucial to see the statistics. If one engine is failing, I would mobilize my internal team to address it properly. It's super important to analyze critical issues, running scans, their effectiveness, and accessible metrics; these details are easily available in the centralized dashboard.

The flexibility in deployment options, including cloud native and on-prem, is very helpful for our infrastructure. We have Rapid7 AppSec installers, and when we attempt to leverage this platform for internal application scanning, the cloud engine cannot interact with our internal applications. This is why we need to depend on our own servers to install those installers from Rapid7 and use the on-premises feature.

We are leveraging the reporting feature of Rapid7 InsightAppSec, and the reporting functionality is excellent. The only issue occurs when using the user interface and exporting files, as it sometimes doesn't work. The issue stems from browser settings where cookies interfere with the user interface. A support technician confirmed they are working on improving this aspect, as browsers' built-in capabilities interfere with their ability to import or export files. The reports themselves are accurate and very good, except where many entries may be false positives.

View full review »

Relatively speaking, InsightAppSec is good compared to Insight VM. I also tested InsightAppSec because Insight VM was not effective on web-based systems. I required a solution to manage on-premises, but I was not as satisfied as expected. I did note some good features in InsightAppSec compared to my existing solutions.

View full review »

The most valuable feature of Rapid7 InsightAppSec is the remediation part, which we use the most. This aspect of the tool helps in addressing vulnerabilities effectively, making it one of the most utilized features in our operations. View full review »

When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports. 

The attacks simulate real-world scenarios, providing a view into potential vulnerabilities. These capabilities have greatly assisted us in maintaining a secure environment, particularly in our financial domain.

View full review »

The automatic automation of the automated authorization to the SCANNET environment is valuable. We can use automated actions or create a macro with the authorization sequence. It's very helpful when we send information to the developer, and when they can test the purchase or remediation provided during the development process themselves.

View full review »

Rapid7 InsightAppSec is a good product for dynamic application security testing. It provides neat reports that include validation actions, and it helps to generate web application firewall rules for web applications. Additionally, the attack replay function is beneficial for security testing applications. View full review »

In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. 

If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities.

Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions. 

View full review »

I like that the product allows us to have an internal and external scanner. We can authenticate scans and pick and choose which attacks we want to use. It is a very robust solution.

View full review »

Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective. 

View full review »

I like the user interface and the friendly nature of the tool. It is very user-friendly for anyone to use it. The customization part for scanning is also good. 

You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well.

View full review »

The most valuable feature of this solution is the graphical interface. It's pretty good, I would rate it a four out of five. Because even, for example, to go and find how to reach your support, let's say you have a ticket, or you want to open for discussion, or you have a question or there's something wrong and you have to create a ticket. 

But even to create the ticket, it's not really seamless to find because they have changed their website around. But besides that, it's pretty easy, 

I would say four out of five, like I said, to kind of go around their app. It's not too, too difficult, but it's not the easiest.

View full review »

The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application.

View full review »

It is very convenient to get reports from the tool, which offers high-level environmental statistics. 

View full review »

AppSec is a Software as a Service. So we don't need to upgrade it.

It is easy to use and deploy to the customer.

The recorder for the login sequence to the customer application is great.

The solution is stable.

It is very easy to scale. Users can expand it if they need to.

View full review »

It's very easy to use and user-friendly. It does the job.

View full review »

The way the solution arranged the web scanning was the most valuable aspect for us.

View full review »

This product is easy to use.

It uses a signature-based method to check for problems with your code and will provide an alert if anything is found. It will also give recommendations as to how to fix the issues.

View full review »

The most common attack templates are easy to access and apply. For example, the OWASP 2017 template contains up to 64 opponent techniques that we can evaluate in our applications.

View full review »

How it integrates with the rest of my systems. I like how they have done some scanning which is reaching into my environment.

View full review »