Rapid7 InsightAppSec Reviews

Name: Rapid7 InsightAppSec
Brand: Rapid7
Rating: 4.3 (13 reviews)

4.3 out of 5

13 reviews
100% willing to recommend

134 followers

What is Rapid7 InsightAppSec?

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Get the Rapid7 InsightAppSec Buyer's Guide and find out what your peers are saying about Rapid7 InsightAppSec, HCL AppScan, Fortify WebInspect and more!

Rapid7 InsightAppSec is the #4 ranked solution in top Dynamic Application Security Testing (DAST) solutions. PeerSpot users give Rapid7 InsightAppSec an average rating of 8.6 out of 10. Based on the analysis of the 13 most recent Rapid7 InsightAppSec reviews, the overall sentiment is positive, with a sentiment score of 7.1. (Among the highest in the category). Rapid7 InsightAppSec is most commonly compared to HCL AppScan: Rapid7 InsightAppSec vs HCL AppScan. Rapid7 InsightAppSec is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 20% of all views.

Helped 824,053 peers since 2012

Featured reviews

Vikas Dusa

Cyber Security Trainer and Programmer at Freelancer

In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities. Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

Read full review

Aakash Shankar

Senior Cybersecurity Solutions Engineer at Trillium Information Security Systems

The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications, but it should also cover mobile applications, including firmware recommendations.

Read full review

Nixon Bagalkoti

Cyber Security Lead at a printing company with 201-500 employees

Scanning can be better. When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved. They need to work on the user interface and management of all the projects. Their support can also be improved a little. They should also focus on a wider integration scale and end-to-end scanning.

Read full review

Rapid7 InsightAppSec mindshare

As of December 2024, the mindshare of Rapid7 InsightAppSec in the Dynamic Application Security Testing (DAST) category stands at 12.1%, down from 13.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST)

PeerAnalyst reports

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	Dec 22, 2024	Download
Product	Reviews, tips, and advice from real users	Dec 22, 2024	Download
Comparison	Rapid7 InsightAppSec vs HCL AppScan	Dec 22, 2024	Download
Comparison	Rapid7 InsightAppSec vs Fortify WebInspect	Dec 22, 2024	Download
Comparison	Rapid7 InsightAppSec vs Invicti	Dec 22, 2024	Download

Title	Rating	Mindshare	Recommending
HCL AppScan	3.9	23.6%	83%	43 interviews Add to research
Fortify WebInspect	3.6	30.1%	81%	20 interviews Add to research

Valuable Features

Rapid7 InsightAppSec's most valuable features include easy web scanning, accessible attack templates, user-friendly interface, customization of scans, stable and scalable service, signature-based problem alerts, robust internal and external scanner, convenient reporting, seamless CDN integration, and dynamic application security scanning with predefined templates.

"Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective."
"In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions."
"It is very convenient to get reports from the tool, which offers high-level environmental statistics."

Room for Improvement

Rapid7 InsightAppSec requires enhancements in reporting, user interface, and scan management. Users suggest better widget functionality and clearer instructions. Performance improvements and wider integration with ticketing systems and WAF solutions are desired. Enhancing static and interactivity analysis, reducing false positives, and improving detection of phishing pages are necessary. There's a need for scanning mobile applications and SaaS features, addressing cost flexibility, and offering more detailed vulnerability information within reports.

"The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive.It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations."
"Rapid7 InsightAppSec needs improvement in detecting phishing pages."
"We get a lot of false positives during the tests."

ROI

Users indicated that Rapid7 InsightAppSec significantly enhanced their application security. They experienced faster vulnerability detection and remediation, improved compliance, and reduced risk exposure. Time savings and streamlined processes led to better resource allocation. Enhanced security oversight and effective threat management contributed to higher confidence in their defense capabilities.

Pricing

Enterprise buyers find Rapid7 InsightAppSec's pricing competitive and fair compared to the competition. Many users highlight the product as inexpensive, with some opting for project-based licensing that accommodates unlimited users. Although detailed costs are often unknown to technical teams, the availability of a 60-day trial version with comprehensive features is appreciated. Overall, the solution is considered worth the investment, earning positive ratings for cost-effectiveness.

"Rapid7 InsightAppSec is cheap."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"I'm not sure how much it costs exactly, but I know it's expensive."

Popular Use Cases

They primarily use Rapid7 InsightAppSec for scanning web applications to identify vulnerabilities. It is utilized for application security, dynamic scanning, and pre-deployment testing. The tool helps in security assessments, code scanning, API integration, and identifying issues in running applications. It is connected with the SDLC for automated scanning during different development stages. Users use it for fetching vulnerabilities, getting insights on configurations, and checking multiple websites, particularly dynamic and e-commerce sites.

Service and Support

Rapid7 InsightAppSec customer service and support receive mixed feedback. Some users find the technical support very good, responsive, and knowledgeable. Others note challenges with time zones, the lack of a call option, and varying service quality depending on licensing. Some users appreciate the fast response and helpfulness, while others desire faster resolutions and more proactive assistance.

Deployment

Rapid7 InsightAppSec's initial setup is described as easy, quick, and straightforward. Most users mention it takes between 20 minutes to a few hours, with a low number of people required for deployment. Being a cloud-based tool simplifies the process, and comprehensive documentation aids in setup. Users appreciate the minimal complexity and rate the ease of setup highly, indicating that even non-IT personnel can handle it effectively.

Scalability

Rapid7 InsightAppSec is easily scalable due to its cloud-based nature. Users can expand by acquiring additional licenses, though this incurs extra costs. Many utilize it for various application sizes, with the ability to automate scans in the future. While some face occasional delays in onboarding, data retrieval, and scans, it suits medium to large enterprises. Deploying new applications is straightforward, and teams of various sizes can efficiently manage its usage.

Stability

Rapid7 InsightAppSec is stable with good performance and reliability, though internet interruptions can affect its functioning. Users experienced no major issues, except minor downtime during patches. They received timely notifications about planned downtime. Some experienced slower data fetching, while others had no bugs or glitches. The stability received ratings between six and eight out of ten, with some suggesting additional functions for the essential version. Rapid7 InsightAppSec is considered one of the popular players in its field.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Rapid7 InsightAppSec Buyer's Guide for additional reliable information.