Rapid7 InsightAppSec Reviews

Name: Rapid7 InsightAppSec
Brand: Rapid7
Rating: 4.1 (19 reviews)

4.1 out of 5

19 reviews
94% willing to recommend

What is Rapid7 InsightAppSec?

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Get the Rapid7 InsightAppSec Buyer's Guide and find out what your peers are saying about Rapid7 InsightAppSec, HCL AppScan, OpenText Dynamic Application Security Testing and more!

Rapid7 InsightAppSec is the #2 ranked solution in top Dynamic Application Security Testing (DAST) solutions. PeerSpot users give Rapid7 InsightAppSec an average rating of 8.2 out of 10. Rapid7 InsightAppSec is most commonly compared to HCL AppScan: Rapid7 InsightAppSec vs HCL AppScan. Rapid7 InsightAppSec is popular among the large enterprise segment, accounting for 55% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.

Helped 861,390 peers since 2012

Featured Rapid7 InsightAppSec reviews

Shritam Bhowmick

Vulnerability Management Lead at garrett

There are areas for improvements regarding false positives. Integration capabilities are lacking, as options for integrations with other tools such as SNOW, Jira, or other integration tools are not sufficient in Rapid7 InsightAppSec. The user interface sometimes has glitches, which may prevent appropriate results during navigation, and even when we get appropriate results, it can be impossible to export them to CSV records or download files. Regarding scalability, Rapid7 InsightAppSec is not a scalable solution for our industry due to limited integration capabilities. Rapid7 relies on another tool called InsightConnect, which requires additional investment, detracting from scalability. Another area that needs improvement is the integration of AI capabilities into the platform. Both Rapid7 InsightAppSec and InsightVM need to advance in that area. In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives. This necessitates improvement in their behavioral-based analytics feature.

Read full review

Krzysztof Witko

IT Security Engineer at a financial services firm with 51-200 employees

The previous product, AppSpyder, had a virtual patching module where we could generate patches for third-party web application firewalls, such as Imperva or F5. Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version. Virtual patching could help protect web pages shortly after finishing the scan process.

Read full review

SonNguyen3

Technical Manager at a computer software company with 11-50 employees

I use Rapid7 InsightAppSec for dynamic application security testing. My main focus is on the quality of detection, specifically detecting vulnerabilities correctly. I also use it to provide neat reports, which my security team can use for validation. These reports are user-friendly, allowing us to…

Read full review

Rapid7 InsightAppSec mindshare

As of July 2025, the mindshare of Rapid7 InsightAppSec in the Dynamic Application Security Testing (DAST) category stands at 11.8%, down from 12.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST)

PeerResearch reports based on Rapid7 InsightAppSec reviews

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	Jul 11, 2025	Download
Product	Reviews, tips, and advice from real users	Jul 11, 2025	Download
Comparison	Rapid7 InsightAppSec vs HCL AppScan	Jul 11, 2025	Download
Comparison	Rapid7 InsightAppSec vs OpenText Dynamic Application Security Testing	Jul 11, 2025	Download
Comparison	Rapid7 InsightAppSec vs Invicti	Jul 11, 2025	Download

Title	Rating	Mindshare	Recommending
HCL AppScan	3.9	14.4%	83%	43 interviews Add to research
OpenText Dynamic Application Security Testing	3.6	22.2%	82%	21 interviews Add to research

Valuable Features

Rapid7 InsightAppSec offers seamless integration, robust web scanning, and a user-friendly interface. Customization in scanning, the attack replay feature, and easy setup enhance its value. It excels in dynamic application security with predefined templates and remediation capabilities, facilitating vulnerability management. The centralized dashboard provides critical insights, and its flexible deployment options support infrastructure needs. Reporting is accurate, though exporting issues exist due to browser settings.

"The reporting functionality is excellent."
"I would rate the technical support from Rapid7 a ten, indicating high-quality support."
"Rapid7 InsightAppSec helps us in both regulatory compliance and in strengthening our security posture."

Room for Improvement

Rapid7 InsightAppSec lacks detailed reporting and user-friendly interfaces. Scans have configuration issues, often duplicating or replacing settings, and false positives occur frequently. Integration with ticketing systems and other tools is limited, affecting scalability. The interface can be glitchy and exporting data is cumbersome. Improving static and interactive analysis, enhancing AI capabilities and better support for WAF integrations are needed. Users face high pricing and need expanded scanning beyond web applications.

"In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives."
"There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages."
"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."

ROI

Users indicated that Rapid7 InsightAppSec significantly enhanced their application security. They experienced faster vulnerability detection and remediation, improved compliance, and reduced risk exposure. Time savings and streamlined processes led to better resource allocation. Enhanced security oversight and effective threat management contributed to higher confidence in their defense capabilities.

Pricing

Rapid7 InsightAppSec pricing experiences vary, with many finding it cost-effective and competitive compared to alternatives, while some consider it expensive and comparable to IBM's pricing. Available licensing options include yearly licenses for teams and project-based models, allowing unlimited user additions. Some users highlight the 60-day free trial offering valuable insights. Pricing ratings range from four to eight out of ten, suggesting overall satisfaction among enterprises, despite the noted variations in cost perceptions.

"Rapid7 InsightAppSec is cheap."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"I'm not sure how much it costs exactly, but I know it's expensive."

Popular Use Cases

Users primarily utilize Rapid7 InsightAppSec for vulnerability scanning of web applications, APIs, and internal and external systems. It supports dynamic application security testing, penetration testing, and compliance checks. While praised for coverage and a user-friendly interface, users note limitations in integration options with tools like SNOW and Jira. They conduct scans during development stages and provide detailed reports for validation, addressing issues and ensuring security across various environments.

Service and Support

Rapid7 InsightAppSec technical support is generally helpful, knowledgeable, and responsive, with users appreciating its assistance. However, challenges are noted in response times, regional time zone management, lack of direct calling options, and reliance on ticket systems. Some users feel the quality of assistance depends on licensing, while suggestions for improvements in feedback integration and faster response are common. Support is available but limited mainly to email, with local offices proving beneficial.

Deployment

Rapid7 InsightAppSec's setup is straightforward and quick. Users find it easy, often taking less than an hour without extra help due to comprehensive documentation. Cloud-based deployment simplifies the process, requiring minimal personnel. Challenges are rare, but some face complexity with API scanning. Many appreciate the lack of maintenance needs, as Rapid7 handles it. Most users emphasize the system's ease of use, even for non-IT individuals, facilitating efficient deployments.

Scalability

Rapid7 InsightAppSec's cloud-based design enables easy scalability. Users find it simple to expand by adding licenses as needed. Many appreciate its adaptability in growth, though costs can be a barrier. The platform suits medium and large enterprises, although integration can be a limitation. Some experience onboarding delays and data retrieval issues. Scalability ratings vary from four to nine out of ten. Most agree it supports expanding user bases and applications effectively.

Stability

Rapid7 InsightAppSec is praised for its stability, with no significant concerns reported. Users find it reliable, experiencing minimal downtime and manageable challenges. Connectivity issues sometimes arise due to internet disruptions, requiring re-scanning. While there are minor challenges during patches, users appreciate prior notifications. Stability ratings vary, with some users noting delays in data fetching and concerns about false positives. However, it generally receives high ratings, often between eight and ten out of ten for stability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Rapid7 InsightAppSec Buyer's Guide for additional reliable information.