Rapid7 InsightAppSec Reviews

Name: Rapid7 InsightAppSec
Brand: Rapid7
Rating: 4.1 (20 reviews)

Vendor: Rapid7

4.1 out of 5

20 reviews
94% willing to recommend

Leave a review

What is Rapid7 InsightAppSec?

Rapid7 InsightAppSec is a cloud-based security tool offering robust web scanning capabilities with a user-friendly interface and seamless integration. It enhances dynamic application security testing through customizable modules, providing comprehensive reports and remediation guidance.

Get the Rapid7 InsightAppSec Buyer's Guide and find out what your peers are saying about Rapid7 InsightAppSec, Checkmarx One, Veracode and more!

Rapid7 InsightAppSec is the #5 ranked solution in top Dynamic Application Security Testing (DAST) solutions and #15 ranked solution in top AI Observability solutions. PeerSpot users give Rapid7 InsightAppSec an average rating of 8.2 out of 10. Rapid7 InsightAppSec is most commonly compared to Checkmarx One: Rapid7 InsightAppSec vs Checkmarx One. Rapid7 InsightAppSec is popular among the large enterprise segment, accounting for 49% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 13% of all views.

Helped 892,868 peers since 2012

Featured Rapid7 InsightAppSec reviews

Shritam Bhowmick

Vulnerability Management Lead at garrett

The centralized dashboard feature is very important in Rapid7 InsightAppSec. As part of the red teaming, while vulnerability management is not the only thing I do, it's crucial to see the statistics. If one engine is failing, I would mobilize my internal team to address it properly. It's super important to analyze critical issues, running scans, their effectiveness, and accessible metrics; these details are easily available in the centralized dashboard. The flexibility in deployment options, including cloud native and on-prem, is very helpful for our infrastructure. We have Rapid7 AppSec installers, and when we attempt to leverage this platform for internal application scanning, the cloud engine cannot interact with our internal applications. This is why we need to depend on our own servers to install those installers from Rapid7 and use the on-premises feature. We are leveraging the reporting feature of Rapid7 InsightAppSec, and the reporting functionality is excellent. The only issue occurs when using the user interface and exporting files, as it sometimes doesn't work. The issue stems from browser settings where cookies interfere with the user interface. A support technician confirmed they are working on improving this aspect, as browsers' built-in capabilities interfere with their ability to import or export files. The reports themselves are accurate and very good, except where many entries may be false positives.

Read full review

SohailHyder

Head Of Cyber Security at Super Secure

My team is working with this product because we are a service provider and have provided this service to our customers. From that perspective, I cannot go into detail on the feature sets if you are interested in knowing that. However, as far as I know, we are providing the service, and customers are satisfied with it because we are getting renewals. Customers use the product for scanning purposes and do not want to be restricted with respect to the number of scans they perform. The scanning can be scheduled daily, weekly, monthly, or whenever the need arises. This is a good feature that customers are getting.

Read full review

reviewer2284569

Manager at a financial services firm with 5,001-10,000 employees

Relatively speaking, InsightAppSec is good compared to Insight VM. I also tested InsightAppSec because Insight VM was not effective on web-based systems. I required a solution to manage on-premises, but I was not as satisfied as expected. I did note some good features in InsightAppSec compared to my existing solutions.

Read full review

Rapid7 InsightAppSec mindshare

As of May 2026, the mindshare of Rapid7 InsightAppSec in the Dynamic Application Security Testing (DAST) category stands at 5.8%, up from 4.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST) Mindshare Distribution
Product	Mindshare (%)
Rapid7 InsightAppSec	5.8%
Veracode	15.7%
Checkmarx One	15.0%
Other	63.5%

Dynamic Application Security Testing (DAST)

PeerResearch reports based on Rapid7 InsightAppSec reviews

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	May 6, 2026	Download
Product	Reviews, tips, and advice from real users	May 6, 2026	Download
Comparison	Rapid7 InsightAppSec vs Veracode	May 6, 2026	Download
Comparison	Rapid7 InsightAppSec vs Checkmarx One	May 6, 2026	Download
Comparison	Rapid7 InsightAppSec vs OpenText Dynamic Application Security Testing	May 6, 2026	Download

Valuable Features

Rapid7 InsightAppSec excels in integration, dynamic scanning, and a user-friendly interface. It offers robust attack templates, customization options, and automation features. Users benefit from an insightful centralized dashboard, effective remediation, and versatile deployment options. The reporting feature provides accurate insights, aiding in vulnerability management. Its cloud-native platform allows flexibility in scanning, without the need for constant upgrades. Attack replay and predefined templates enhance security assessments, while comprehensive videos and documentation facilitate ease of use.

"Rapid7 InsightAppSec is a good product for dynamic application security testing, providing neat reports that include validation actions and helping to generate web application firewall rules for web applications."
"It's very easy to use and user-friendly, and it does the job."
"The stability has been very good; I would rate it five out of five in terms of reliability, as it doesn't crash or freeze, there are no bugs or glitches, and the performance is good."

Room for Improvement

Rapid7 InsightAppSec requires enhancements in reporting, user interface, and integration with tools like Jira and SNOW. Users encounter challenges with scan configurations and performance, seeking better detection of vulnerabilities and support for mobile apps. False positives and limited customization options for reports are concerns, as is expensive pricing. Improvements in AI capabilities and behavioral analytics are desired. Scalability and response time of customer support also need attention.

"The technical support from Rapid7 is not bad, but the response time can be quite slow sometimes."
"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis."
"We'd like to see integrations with WAF solutions."

ROI

Users indicated that Rapid7 InsightAppSec significantly enhanced their application security. They experienced faster vulnerability detection and remediation, improved compliance, and reduced risk exposure. Time savings and streamlined processes led to better resource allocation. Enhanced security oversight and effective threat management contributed to higher confidence in their defense capabilities.

Pricing

Rapid7 InsightAppSec offers a competitive and varied pricing structure suitable for enterprise buyers, with some users finding it inexpensive while others compare it to the cost of IBM. A 60-day trial is available, providing free access to reports and problem fixes. Many see the pricing as fair and beneficial for project-based licenses, allowing flexibility in user numbers. Some rate its pricing highly, suggesting it is worth the investment.

"Rapid7 InsightAppSec is cheap."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"I'm not sure how much it costs exactly, but I know it's expensive."

Popular Use Cases

Organizations primarily use Rapid7 InsightAppSec for vulnerability scanning and dynamic application security testing on web applications and APIs. It helps identify security risks, perform penetration testing, and create detailed reports for validation. Users leverage its capabilities for both customer-facing and internal systems, integrating it into their development processes. Though some users note limitations in integration capabilities and false positives, the platform is praised for its scan coverage and user-friendly interface.

Service and Support

Technical support from Rapid7 InsightAppSec is generally praised for being helpful and responsive. Users appreciate the knowledgeable staff and their timely assistance, although some report challenges with response times and the lack of a call option. While support is usually high-quality, feedback integration into improvements is lacking. Rapid7 InsightAppSec is known for delivering commendable support service, though regional time differences can affect support experiences. Good licensing options lead to better support experiences.

Deployment

Rapid7 InsightAppSec's initial setup is consistently described as straightforward and quick. Users report that deployment typically takes under an hour, with minimal personnel required. The cloud-based nature simplifies installation, eliminating complex steps and on-premises deployment. Comprehensive documentation aids the process, allowing users to set up independently without external assistance. However, some mention that API setup can be complex for new users, suggesting potential improvements for ease of use.

Scalability

Rapid7 InsightAppSec offers ease in scaling, particularly for medium and large enterprises, amplified by its cloud-based structure. Users can purchase additional licenses to enhance capacity, though costs could be limiting for some. Despite its general flexibility, there are challenges such as onboarding delays and integration limitations, which require InsightConnect for optimal scalability. Users rate its scalability between four to nine on a ten-point scale, highlighting some diverse experiences.

Stability

Rapid7 InsightAppSec is stable according to users. Though some report minor internet-related challenges, most do not experience bugs or outages. Planned maintenance is well-communicated. Stability ratings vary, with most users rating it between eight and ten out of ten, highlighting reliability and performance. There is a mention of false positives, but stability itself is not questioned. Users appreciate continuous improvements and enhancements in features.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Rapid7 InsightAppSec Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	11
Midsize Enterprise	2
Large Enterprise	5

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	84
Midsize Enterprise	68
Large Enterprise	146

By visitors reading reviews

Top industries

By visitors reading reviews

Manufacturing Company

13%

Financial Services Firm

11%

Computer Software Company

Government

Construction Company

Energy/Utilities Company

Retailer

Healthcare Company

Insurance Company

University

Real Estate/Law Firm

Hospitality Company

Wholesaler/Distributor

Marketing Services Firm

Educational Organization

Media Company

Performing Arts

Comms Service Provider

Logistics Company

Outsourcing Company

Mining And Metals Company

Consumer Goods Company

Legal Firm

Leisure / Travel Company

Wellness & Fitness Company

Compare Rapid7 InsightAppSec with alternative products

Learn more about Rapid7 InsightAppSec

InsightAppSec delivers dynamic application security testing with features like Attack Replay and a centralized dashboard for vulnerability insights. It supports flexible deployment options and simplifies scheduling frequent scans. The tool's intuitive graphical interface and extensive scanning coverage make it valuable for identifying vulnerabilities in web applications, APIs, and e-commerce sites, ensuring compliance. However, improvements are needed in detection accuracy, reporting options, and integrations with external tools like WAF and ticketing systems. There is a need for better scan management, support for mobile applications, customized reporting options, pricing flexibility, improved support, and AI integration.

What are the key features of InsightAppSec?

Seamless Integration: Easily integrates within SDLC for automated scans.
User-Friendly Interface: Offers an intuitive graphical experience.
Robust Web Scanning: Provides extensive vulnerability scanning of web applications and APIs.
Customizable Attack Modules: Tailors testing to meet specific security needs.
Attack Replay: Facilitates re-testing of potential vulnerabilities for accuracy.
Centralized Dashboard: Offers comprehensive insights into vulnerabilities.

What benefits should users look for?

Comprehensive Reports: Delivers detailed insights into security vulnerabilities.
Remediation Guidance: Provides actionable advice to fix identified vulnerabilities.
Scalability: Supports growth by handling increased demands efficiently.
Extensive Coverage: Ensures thorough security testing across multiple platforms.
Flexible Deployment: Adapts to different operational environments.

Industries rely on InsightAppSec for vulnerability scanning to secure web applications, APIs, and e-commerce platforms. Its integration within the SDLC aids in automating scans during development. While limitations exist with certain tool integrations, its cloud-based engine and effective reporting make it essential for internal and external application security assurance.

Rapid7 InsightAppSec was previously known as InsightAppSec.

Rapid7 InsightAppSec customers

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Product Categories

Dynamic Application Security Testing (DAST)

AI Observability

Popular Comparisons

Checkmarx One vs Rapid7 InsightAppSec

Veracode vs Rapid7 InsightAppSec

HCL AppScan vs Rapid7 InsightAppSec

Invicti vs Rapid7 InsightAppSec

OpenText Dynamic Application Security Testing vs Rapid7 InsightAppSec

PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec

Continuous Dynamic (formerly WhiteHat Dynamic) vs Rapid7 InsightAppSec

AppCheck vs Rapid7 InsightAppSec

StackHawk vs Rapid7 InsightAppSec

See all alternatives

Rapid7 InsightAppSec Reviews Summary
Author info	Rating	Review Summary
Vulnerability Management Lead at garrett	3.5	We use Rapid7 InsightAppSec for internal and external application security assessments. It offers strong scan coverage and reporting. However, it needs better integration, fewer false positives, and enhanced AI capabilities. Its interface and scalability require improvement. We deploy via AWS.
Head Of Cyber Security at Super Secure	3.5	I've worked with Rapid7 InsightAppSec for over three years and found it reliable, especially for financial institutions. Customers appreciate flexible scan scheduling, though customizable reporting could improve. Support is decent, pricing is fair, and renewals suggest satisfaction.
Manager at a financial services firm with 5,001-10,000 employees	3.0	I used Rapid7 InsightAppSec alongside Insight VM for managing on-premises needs but found InsightAppSec better in web-based systems. Though it offers some good features, improvements are needed in customer support, integration, and pricing. I previously used different on-premises solutions.
Works	4.0	We use Rapid7 InsightAppSec primarily to scan for vulnerabilities in APIs and UIs, finding the remediation feature most valuable. However, report generation could be improved by allowing additional columns and CSV exports, as PDFs are cumbersome.
Head of Infrastructure at Pearl Data Direct	4.0	We use Rapid7 InsightAppSec mainly for securing our Java-based applications through monthly penetration tests. It excels in realistic threat simulation but needs improvements in customizable reporting and user interface. We also use Qualys WAS for vulnerability management.
Technical Manager at a computer software company with 11-50 employees	4.0	I find Rapid7 InsightAppSec a good, stable DAST solution with neat reports and easy scalability. While customer service response can be slow and I wish the price was lower, I recommend it for its valuable features, rating it 8-9/10.
IT Security Engineer at a financial services firm with 51-200 employees	4.0	I use InsightAppSec to help customers with environment scans, automating authorization effectively. However, it lacks virtual patching found in AppSpyder, which delays remediation. Competitors like Acunetix and Qualys have similar offerings. Deployment utilizes other cloud providers.
Senior Cybersecurity Solutions Engineer at Trillium Information Security Systems	4.5	I use Rapid7 InsightAppSec for dynamic application security scanning of web applications to identify vulnerabilities. Its cloud platform eliminates the need for server deployment, but I wish it could also scan mobile and SaaS applications for comprehensive coverage.

Title	Rating	Mindshare	Recommending
Checkmarx One	3.9	15.0%	88%	81 interviews Add to research
Veracode	4.0	15.7%	89%	207 interviews Add to research

Rapid7 InsightAppSec Reviews

What is Rapid7 InsightAppSec?

Featured Rapid7 InsightAppSec reviews

Rapid7 InsightAppSec mindshare

PeerResearch reports based on Rapid7 InsightAppSec reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Rapid7 InsightAppSec with alternative products

Learn more about Rapid7 InsightAppSec

Rapid7 InsightAppSec customers

Related questions

Product Categories

Popular Comparisons