Rapid7 InsightAppSec Reviews

Name: Rapid7 InsightAppSec
Brand: Rapid7
Rating: 4.1 (18 reviews)

4.1 out of 5

18 reviews
94% willing to recommend

134 followers

What is Rapid7 InsightAppSec?

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Get the Rapid7 InsightAppSec Buyer's Guide and find out what your peers are saying about Rapid7 InsightAppSec, HCL AppScan, Fortify WebInspect and more!

Rapid7 InsightAppSec is the #4 ranked solution in top Dynamic Application Security Testing (DAST) solutions. PeerSpot users give Rapid7 InsightAppSec an average rating of 8.2 out of 10. Rapid7 InsightAppSec is most commonly compared to HCL AppScan: Rapid7 InsightAppSec vs HCL AppScan. Rapid7 InsightAppSec is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.

Helped 848,716 peers since 2012

Featured Rapid7 InsightAppSec reviews

Krzysztof Witko

IT Security Engineer at a financial services firm with 51-200 employees

The previous product, AppSpyder, had a virtual patching module where we could generate patches for third-party web application firewalls, such as Imperva or F5. Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version. Virtual patching could help protect web pages shortly after finishing the scan process.

Read full review

Vikas Dusa

Cyber Security Trainer and Programmer at Freelancer

In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities. Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

Read full review

SonNguyen3

Technical Manager at a computer software company with 11-50 employees

I use Rapid7 InsightAppSec for dynamic application security testing. My main focus is on the quality of detection, specifically detecting vulnerabilities correctly. I also use it to provide neat reports, which my security team can use for validation. These reports are user-friendly, allowing us to…

Read full review

Rapid7 InsightAppSec mindshare

As of April 2025, the mindshare of Rapid7 InsightAppSec in the Dynamic Application Security Testing (DAST) category stands at 12.2%, down from 13.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST)

PeerResearch reports based on Rapid7 InsightAppSec reviews

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	Apr 24, 2025	Download
Product	Reviews, tips, and advice from real users	Apr 24, 2025	Download
Comparison	Rapid7 InsightAppSec vs HCL AppScan	Apr 24, 2025	Download
Comparison	Rapid7 InsightAppSec vs Fortify WebInspect	Apr 24, 2025	Download
Comparison	Rapid7 InsightAppSec vs Invicti	Apr 24, 2025	Download

Title	Rating	Mindshare	Recommending
HCL AppScan	3.9	16.3%	83%	43 interviews Add to research
Fortify WebInspect	3.6	23.9%	82%	21 interviews Add to research

Valuable Features

Rapid7 InsightAppSec offers versatile integration, robust user interface, and dynamic scanning capabilities. Users highlight its seamless system integration, user-friendly design, and customizable web scanning. The common templates align with industry standards and support internal-external application scans including cloud-based setups. InsightAppSec's automated processes and comprehensive vulnerability insights, including the Attack Replay feature and CDN provision, stand out. These aspects, alongside insightful reports and effective remediation recommendations, make it indispensable for maintaining secure environments.

"I would rate the technical support from Rapid7 a ten, indicating high-quality support."
"Rapid7 InsightAppSec helps us in both regulatory compliance and in strengthening our security posture."
"When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports."

Room for Improvement

Rapid7 InsightAppSec requires more detailed information about its capabilities and improved reporting features with customizable options. Users find the interface for configuring scans and targets confusing, and scanning configurations can unintentionally overwrite previous settings. Integration with ticketing systems and Web Application Firewalls is needed. The platform should expand static and interactive analysis, detect phishing pages better, and support mobile app scanning. Performance enhancement, pricing flexibility, and better customer support are also areas that need attention.

"There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages."
"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."
"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."

ROI

Users indicated that Rapid7 InsightAppSec significantly enhanced their application security. They experienced faster vulnerability detection and remediation, improved compliance, and reduced risk exposure. Time savings and streamlined processes led to better resource allocation. Enhanced security oversight and effective threat management contributed to higher confidence in their defense capabilities.

Pricing

Enterprise buyers evaluating Rapid7 InsightAppSec find its pricing competitive, with some considering it affordable and worth the investment. Many users appreciate the flexibility of project-based licensing, allowing for unlimited users. While some find the cost on par with competitors, others seek potential discounts. A trial version is available for 60 days, offering free reports and problem fixes. Opinions on the cost vary, with some rating it highly and others finding it expensive.

"Rapid7 InsightAppSec is cheap."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"I'm not sure how much it costs exactly, but I know it's expensive."

Popular Use Cases

Rapid7 InsightAppSec is used for vulnerability scanning, security assessments on web applications, and dynamic application security testing. It aids in API integration, penetration testing, and discovering code vulnerabilities. Organizations utilize it for web application scanning, results analysis, and compliance assurance. It seamlessly integrates into development processes and supports weekly scans of applications, providing detailed insights into security issues for enterprise and customer environments.

Service and Support

Rapid7 InsightAppSec's customer service is generally considered helpful and knowledgeable. Users report responsive technical support, with some noting the lack of a phone option. Though most support is US-based, which can be challenging for global users, others find it prompt and effective. Some feel response times could improve, especially for urgent issues. Location-specific experiences, such as in Dubai, are mostly positive, but a faster response and more accessible communication are desired by several users.

Deployment

Rapid7 InsightAppSec's initial setup is often described as straightforward and easy. Many users found the deployment quick, taking as little as 20 to 30 minutes with minimal personnel. As a cloud-based platform, the setup process is simplified and requires creating an account, which is largely unobtrusive. With straightforward documentation, most users conclude that InsightAppSec offers an uncomplicated initial experience, although some mention complexity with API configurations.

Scalability

Rapid7 InsightAppSec is highly scalable, benefiting from cloud capabilities that ease the expansion process. Users can quickly purchase additional licenses to support growth. While onboarding may present occasional delays, using it is straightforward for both external and internal scanning. With flexible deployment, it effectively caters to medium and large enterprises, facilitating gradual usage upgrades. Although scanning times for websites can be lengthy, the scalability aspect is user-friendly, earning high ratings for ease of deployment and scalability.

Stability

Rapid7 InsightAppSec is generally stable. Users face few issues, typically linked to occasional internet disruptions requiring re-scans or reconfiguration. It's reliable, with no significant bugs or crashes, and downtime is rare, primarily during scheduled maintenance. Notifications are sent for planned outages. Ratings vary between six and ten out of ten, with most praising its reliability. Some mention minor challenges like extended data fetching times, but improvements and added features are frequently noted.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Rapid7 InsightAppSec Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

15%

Manufacturing Company

12%

Government

Retailer

Healthcare Company

Energy/Utilities Company

Insurance Company

Real Estate/Law Firm

Construction Company

University

Hospitality Company

Non Profit

Logistics Company

Wholesaler/Distributor

Comms Service Provider

Educational Organization

Media Company

Recreational Facilities/Services Company

Outsourcing Company

Leisure / Travel Company

Pharma/Biotech Company

Performing Arts

Transportation Company

Legal Firm

Compare Rapid7 InsightAppSec with alternative products

Learn more about Rapid7 InsightAppSec

Rapid7 InsightAppSec was previously known as InsightAppSec.

Rapid7 InsightAppSec customers

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Product Categories

Dynamic Application Security Testing (DAST)

Popular Comparisons

HCL AppScan vs Rapid7 InsightAppSec

Fortify WebInspect vs Rapid7 InsightAppSec

Invicti vs Rapid7 InsightAppSec

PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec

AppCheck vs Rapid7 InsightAppSec

See all alternatives

Rapid7 InsightAppSec reviews

Sort by:

reviewer2284569

Manager at a financial services firm with 5,001-10,000 employees

Verified user of Rapid7 InsightAppSec

Feb 25, 2025

AppSec features show promise but customer support needs improvement

Pros

"Relatively speaking, InsightAppSec is good compared to Insight VM. "

Cons

"There is room for improvement in the response time of customer service and support levels."

What is our primary use case?

I am working with Rapid7 InsightAppSec as well as Insight VM.

What is most valuable?

Relatively speaking, InsightAppSec is good compared to Insight VM. I also tested InsightAppSec because Insight VM was not effective on web-based systems. I required a solution to manage on-premises, but I was not as satisfied as expected. I did note some good features in InsightAppSec compared to my existing solutions.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (314 words)

reviewer2677461

Works

Verified user of Rapid7 InsightAppSec

Mar 20, 2025

Robust technical support and effective vulnerability remediation enhance security operations

Pros

"I would rate the technical support from Rapid7 a ten, indicating high-quality support."

Cons

"There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages."

What is our primary use case?

Our primary use case for Rapid7 InsightAppSec is to scan for vulnerabilities on our APIs and UIs. We provide this service while being based at a client location, where we look after the Rapid7 InsightAppSec tool for them.

What is most valuable?

The most valuable feature of Rapid7 InsightAppSec is the remediation part, which we use the most. This aspect of the tool helps in addressing vulnerabilities effectively, making it one of the most utilized features in our operations.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (344 words)

Buyer's Guide

Rapid7 InsightAppSec

Download free report

Find out what your peers are saying about Rapid7 InsightAppSec. Updated April 2025

848,716 professionals have used our research since 2012.

Midhun Kumar

Head of Infrastructure at Pearl Data Direct

Verified user of Rapid7 InsightAppSec

Feb 25, 2025

Effective penetration testing enhances security posture

Pros

"When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports. "

Cons

"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports. "

What is our primary use case?

We primarily use Rapid7 InsightAppSec for application security within our organization. We perform penetration testing on our in-house-built, Java-based web applications to comply with regulatory standards. We use InsightAppSec to scan both web applications and APIs, executing penetration tests once a month to ensure compliance and security.

How has it helped my organization?

Rapid7 InsightAppSec helps us in both regulatory compliance and in strengthening our security posture. We make sure all APIs go through production scanning, and we receive alerts to address potential security threats.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (441 words)

Krzysztof Witko

IT Security Engineer at a financial services firm with 51-200 employees

Verified user of Rapid7 InsightAppSec

Jan 30, 2025

Automated authorization streamlines security processes

Pros

"The automatic automation of the automated authorization to the SCANNET environment is valuable. "

Cons

"Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version."

What is our primary use case?

I use InsightAppSec with our customers. I help them create and realize scans in the environment. I also use the setup technology to scan our environment. I have experience as both a user and administrator.

What is most valuable?

The automatic automation of the automated authorization to the SCANNET environment is valuable. We can use automated actions or create a macro with the authorization sequence. It's very helpful when we send information to the developer, and when they can test the purchase or remediation provided during the development process themselves.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (375 words)

Vikas Dusa

Cyber Security Trainer and Programmer at Freelancer

Verified user of Rapid7 InsightAppSec

Mar 9, 2024

Helps to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code

Pros

"In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. "

Cons

" Rapid7 InsightAppSec needs improvement in detecting phishing pages. "

What is our primary use case?

I use the solution to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code. The tool helps identify any vulnerabilities present in the code, providing precise information about the code that contains vulnerabilities.

What is most valuable?

If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities.

Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (589 words)

SonNguyen3

Technical Manager at a computer software company with 11-50 employees

Verified user of Rapid7 InsightAppSec

Apr 10, 2025

Benefit from accurate vulnerability detection and user-friendly reports for application security testing

What is our primary use case?

What is most valuable?

Rapid7 InsightAppSec is a good product for dynamic application security testing. It provides neat reports that include validation actions, and it helps to generate web application firewall rules for web applications. Additionally, the attack replay function is beneficial for security testing applications.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Read full review (405 words)

Nixon Bagalkoti

Cyber Security Lead at a printing company with 201-500 employees

Verified user of Rapid7 InsightAppSec

Sep 9, 2022

A user-friendly, well-priced solution with Attack Replay feature and good customization options

Pros

"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."

Cons

"When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved."

What is our primary use case?

We are using it for DAST, dynamic scanning.

What is most valuable?

I like the user interface and the friendly nature of the tool. It is very user-friendly for anyone to use it. The customization part for scanning is also good.

You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (1074 words)

Aakash Shankar

Senior Cybersecurity Solutions Engineer at Trillium Information Security Systems

Verified user of Rapid7 InsightAppSec

Jun 17, 2024

An application security tool with a dynamic application security scanning feature that provides predefined templates and supports customisation

Pros

"Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective. "

Cons

"The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations."

What is our primary use case?

We use Rapid7 InsightAppSec for dynamic application security scanning. We scan our web applications to identify vulnerabilities and then address the issues based on the report. It is a task solution used for enterprise or customer applications.

What is most valuable?

Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Read full review (461 words)

Rapid7 InsightAppSec Reviews

What is Rapid7 InsightAppSec?

Featured Rapid7 InsightAppSec reviews

Rapid7 InsightAppSec mindshare

PeerResearch reports based on Rapid7 InsightAppSec reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Rapid7 InsightAppSec with alternative products

Learn more about Rapid7 InsightAppSec

Rapid7 InsightAppSec customers

Related questions

Product Categories

Popular Comparisons

Rapid7 InsightAppSec reviews

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

What is our primary use case?

What is most valuable?

What needs improvement?

For how long have I used the solution?

What do I think about the stability of the solution?

What do I think about the scalability of the solution?

How are customer service and support?

How would you rate customer service and support?

How was the initial setup?

What's my experience with pricing, setup cost, and licensing?

Which other solutions did I evaluate?

What other advice do I have?

Which deployment model are you using for this solution?

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?