Rapid7 InsightAppSec Reviews

Name: Rapid7 InsightAppSec
Brand: Rapid7
Rating: 4.1 (17 reviews)

4.1 out of 5

17 reviews
94% willing to recommend

137 followers

What is Rapid7 InsightAppSec?

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Get the Rapid7 InsightAppSec Buyer's Guide and find out what your peers are saying about Rapid7 InsightAppSec, HCL AppScan, Fortify WebInspect and more!

Rapid7 InsightAppSec is the #4 ranked solution in top Dynamic Application Security Testing (DAST) solutions. PeerSpot users give Rapid7 InsightAppSec an average rating of 8.2 out of 10. Rapid7 InsightAppSec is most commonly compared to HCL AppScan: Rapid7 InsightAppSec vs HCL AppScan. Rapid7 InsightAppSec is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.

Helped 842,388 peers since 2012

Featured Rapid7 InsightAppSec reviews

Krzysztof Witko

IT Security Engineer at a financial services firm with 51-200 employees

The previous product, AppSpyder, had a virtual patching module where we could generate patches for third-party web application firewalls, such as Imperva or F5. Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version. Virtual patching could help protect web pages shortly after finishing the scan process.

Read full review

Vikas Dusa

Cyber Security Trainer and Programmer at Freelancer

In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities. Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

Read full review

Nixon Bagalkoti

Cyber Security Lead at a printing company with 201-500 employees

Scanning can be better. When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved. They need to work on the user interface and management of all the projects. Their support can also be improved a little. They should also focus on a wider integration scale and end-to-end scanning.

Read full review

Rapid7 InsightAppSec mindshare

As of March 2025, the mindshare of Rapid7 InsightAppSec in the Dynamic Application Security Testing (DAST) category stands at 11.9%, down from 13.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST)

PeerAnalyst reports based on Rapid7 InsightAppSec reviews

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	Mar 27, 2025	Download
Product	Reviews, tips, and advice from real users	Mar 27, 2025	Download
Comparison	Rapid7 InsightAppSec vs HCL AppScan	Mar 27, 2025	Download
Comparison	Rapid7 InsightAppSec vs Fortify WebInspect	Mar 27, 2025	Download
Comparison	Rapid7 InsightAppSec vs Invicti	Mar 27, 2025	Download

Title	Rating	Mindshare	Recommending
HCL AppScan	3.9	17.5%	83%	43 interviews Add to research
Fortify WebInspect	3.6	25.6%	81%	20 interviews Add to research

Valuable Features

Rapid7 InsightAppSec stands out for its seamless integration with systems and user-friendly interface, facilitating web scanning and attack simulation. Its ease of use and deployment is noted, along with robust customization for scanning, internal and external authentication, and attack modules. The automated authorization actions are beneficial for developers. Dynamic scanning templates and the ability to manage vulnerabilities and generate high-level reports enhance its value. Its cloud-based nature ensures time efficiency and cost-effectiveness.

"I would rate the technical support from Rapid7 a ten, indicating high-quality support."
"Rapid7 InsightAppSec helps us in both regulatory compliance and in strengthening our security posture."
"When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports."

Room for Improvement

Rapid7 InsightAppSec requires improvements in reporting, user interface, and detailed vulnerability information. Users face challenges with scan configurations, false positives, and web application limits. They seek enhanced ticketing system integration, support for mobile applications, static and interactivity analysis, and WAF integration. Pricing is considered high, and reporting tools need customization and better export options. Customer service responsiveness and virtual patching functionalities also need enhancement, along with a more user-friendly interface for new users.

"There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages."
"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."
"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."

ROI

Users indicated that Rapid7 InsightAppSec significantly enhanced their application security. They experienced faster vulnerability detection and remediation, improved compliance, and reduced risk exposure. Time savings and streamlined processes led to better resource allocation. Enhanced security oversight and effective threat management contributed to higher confidence in their defense capabilities.

Pricing

Enterprise users find Rapid7 InsightAppSec's pricing fair and competitive compared to competitors, with some expressing it as inexpensive, while others find it expensive. Offers include a yearly license and a 60-day trial providing free reports and problem fixes. Pricing is project-based, allowing unlimited user additions, enhancing its value for money. User impressions vary, with pricing rated between four and eight out of ten, indicating mixed perceptions based on organizational differences.

"Rapid7 InsightAppSec is cheap."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"I'm not sure how much it costs exactly, but I know it's expensive."

Popular Use Cases

Rapid7 InsightAppSec is used for vulnerability scanning, focusing on web applications and APIs. It aids in dynamic application security testing, enabling automated scanning during development cycles. Users employ it for penetration testing, ensuring compliance and identifying security risks. It's also used for code scanning and to gain insights into application configurations. Rapid7 InsightAppSec integrates with various environments, facilitating seamless assessment and security management for both internal and customer applications.

Service and Support

Customers find the technical support for Rapid7 InsightAppSec helpful and responsive, though some express concerns about availability and wait times, highlighting the lack of 24/7 phone support. Many appreciate the knowledge and responsiveness of the team. Users note that response time could improve and accessing support often involves opening tickets rather than direct calling. Some believe support quality is tied to licensing options, with faster service desired across global locations.

Deployment

Rapid7 InsightAppSec setup is simple and quick for users, often rated highly for ease. Deployment is efficient due to its cloud-based nature, requiring minimal time and personnel. While some users find API configuration slightly complex, most appreciate the provided documentation for guidance. Initial implementation typically doesn't demand extensive resources, and maintenance is handled by Rapid7, enhancing user convenience. Configurations vary based on user environment, but generally, setup progresses smoothly and quickly.

Scalability

Rapid7 InsightAppSec is praised for its scalability, particularly because it is cloud-based. Businesses find it easy to expand, though purchasing additional licenses can increase costs. Organizations have praised ease of deployment and have expanded usage across various applications. While it handles internal and external scanning efficiently, there can be occasional delays in onboarding and data retrieval. Rated highly for scalability, it supports medium and large enterprises, accommodating numerous users and applications seamlessly.

Stability

Rapid7 InsightAppSec is highly stable, with most users experiencing minimal issues. Stability is occasionally affected by internet connection interruptions, requiring re-scans. Users occasionally encounter minor challenges during patches or planned downtime, but support is responsive. Over a year, the platform rarely faces performance issues. Ratings for reliability range from six to ten out of ten, highlighting its consistent stability and continuous improvements. Users frequently note the absence of bugs, glitches, and outages.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Rapid7 InsightAppSec Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

14%

Manufacturing Company

12%

Government

Retailer

Healthcare Company

Energy/Utilities Company

Insurance Company

Hospitality Company

Real Estate/Law Firm

Construction Company

University

Non Profit

Logistics Company

Wholesaler/Distributor

Media Company

Comms Service Provider

Recreational Facilities/Services Company

Leisure / Travel Company

Transportation Company

Educational Organization

Outsourcing Company

Pharma/Biotech Company

Legal Firm

Performing Arts

Compare Rapid7 InsightAppSec with alternative products

Learn more about Rapid7 InsightAppSec

Rapid7 InsightAppSec was previously known as InsightAppSec.

Rapid7 InsightAppSec customers

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Product Categories

Dynamic Application Security Testing (DAST)

Popular Comparisons

HCL AppScan vs Rapid7 InsightAppSec

Fortify WebInspect vs Rapid7 InsightAppSec

Invicti vs Rapid7 InsightAppSec

PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec

AppCheck vs Rapid7 InsightAppSec

See all alternatives

Rapid7 InsightAppSec reviews

Sort by:

reviewer2284569

Manager at a financial services firm with 5,001-10,000 employees

Verified user of Rapid7 InsightAppSec

Feb 25, 2025

AppSec features show promise but customer support needs improvement

Pros

"Relatively speaking, InsightAppSec is good compared to Insight VM. "

Cons

"There is room for improvement in the response time of customer service and support levels."

What is our primary use case?

I am working with Rapid7 InsightAppSec as well as Insight VM.

What is most valuable?

Relatively speaking, InsightAppSec is good compared to Insight VM. I also tested InsightAppSec because Insight VM was not effective on web-based systems. I required a solution to manage on-premises, but I was not as satisfied as expected. I did note some good features in InsightAppSec compared to my existing solutions.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (314 words)

reviewer2677461

Works

Verified user of Rapid7 InsightAppSec

Mar 20, 2025

Robust technical support and effective vulnerability remediation enhance security operations

Pros

"I would rate the technical support from Rapid7 a ten, indicating high-quality support."

Cons

"There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages."

What is our primary use case?

Our primary use case for Rapid7 InsightAppSec is to scan for vulnerabilities on our APIs and UIs. We provide this service while being based at a client location, where we look after the Rapid7 InsightAppSec tool for them.

What is most valuable?

The most valuable feature of Rapid7 InsightAppSec is the remediation part, which we use the most. This aspect of the tool helps in addressing vulnerabilities effectively, making it one of the most utilized features in our operations.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (344 words)

Buyer's Guide

Rapid7 InsightAppSec

Download free report

Find out what your peers are saying about Rapid7 InsightAppSec. Updated March 2025

842,388 professionals have used our research since 2012.

Midhun Kumar

Head of Infrastructure at Pearl Data Direct

Verified user of Rapid7 InsightAppSec

Feb 25, 2025

Effective penetration testing enhances security posture

Pros

"When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports. "

Cons

"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports. "

What is our primary use case?

We primarily use Rapid7 InsightAppSec for application security within our organization. We perform penetration testing on our in-house-built, Java-based web applications to comply with regulatory standards. We use InsightAppSec to scan both web applications and APIs, executing penetration tests once a month to ensure compliance and security.

How has it helped my organization?

Rapid7 InsightAppSec helps us in both regulatory compliance and in strengthening our security posture. We make sure all APIs go through production scanning, and we receive alerts to address potential security threats.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (441 words)

Krzysztof Witko

IT Security Engineer at a financial services firm with 51-200 employees

Verified user of Rapid7 InsightAppSec

Jan 30, 2025

Automated authorization streamlines security processes

Pros

"The automatic automation of the automated authorization to the SCANNET environment is valuable. "

Cons

"Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version."

What is our primary use case?

I use InsightAppSec with our customers. I help them create and realize scans in the environment. I also use the setup technology to scan our environment. I have experience as both a user and administrator.

What is most valuable?

The automatic automation of the automated authorization to the SCANNET environment is valuable. We can use automated actions or create a macro with the authorization sequence. It's very helpful when we send information to the developer, and when they can test the purchase or remediation provided during the development process themselves.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (375 words)

Vikas Dusa

Cyber Security Trainer and Programmer at Freelancer

Verified user of Rapid7 InsightAppSec

Mar 9, 2024

Helps to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code

Pros

"In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. "

Cons

" Rapid7 InsightAppSec needs improvement in detecting phishing pages. "

What is our primary use case?

I use the solution to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code. The tool helps identify any vulnerabilities present in the code, providing precise information about the code that contains vulnerabilities.

What is most valuable?

If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities.

Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (589 words)

Nixon Bagalkoti

Cyber Security Lead at a printing company with 201-500 employees

Verified user of Rapid7 InsightAppSec

Sep 9, 2022

A user-friendly, well-priced solution with Attack Replay feature and good customization options

Pros

"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."

Cons

"When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved."

What is our primary use case?

We are using it for DAST, dynamic scanning.

What is most valuable?

I like the user interface and the friendly nature of the tool. It is very user-friendly for anyone to use it. The customization part for scanning is also good.

You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (1074 words)

Aakash Shankar

Senior Cybersecurity Solutions Engineer at Trillium Information Security Systems

Verified user of Rapid7 InsightAppSec

Jun 17, 2024

An application security tool with a dynamic application security scanning feature that provides predefined templates and supports customisation

Pros

"Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective. "

Cons

"The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations."

What is our primary use case?

We use Rapid7 InsightAppSec for dynamic application security scanning. We scan our web applications to identify vulnerabilities and then address the issues based on the report. It is a task solution used for enterprise or customer applications.

What is most valuable?

Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Read full review (461 words)

RussellBurrows

Senior IT Security Specialist at KNIPPERX INC.

Verified user of Rapid7 InsightAppSec

Aug 4, 2023

A highly scalable and robust product that enables users to automate scans

Pros

"It is a very robust solution."

Cons

"The number of web applications we can scan is limited."

What is our primary use case?

We use it as a web application scanner. It runs a ton of different detections and tests against our web applications and provides us with results. It connects directly with our SDLC for an API. We can automate the scanning of a web application during the development process when it changes from development to test and test to production.

What is most valuable?

I like that the product allows us to have an internal and external scanner. We can authenticate scans and pick and choose which attacks we want to use. It is a very robust solution.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (473 words)

Rapid7 InsightAppSec Reviews

What is Rapid7 InsightAppSec?

Featured Rapid7 InsightAppSec reviews

Rapid7 InsightAppSec mindshare

PeerAnalyst reports based on Rapid7 InsightAppSec reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Rapid7 InsightAppSec with alternative products

Learn more about Rapid7 InsightAppSec

Rapid7 InsightAppSec customers

Related questions

Product Categories

Popular Comparisons

Rapid7 InsightAppSec reviews

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

How has it helped my organization?

What is most valuable?

What needs improvement?

For how long have I used the solution?

What do I think about the stability of the solution?

What do I think about the scalability of the solution?

How are customer service and support?

How was the initial setup?

What other advice do I have?

Which deployment model are you using for this solution?