Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Rapid7 InsightAppSec comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Checkmarx One
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
Rapid7 InsightAppSec
Average Rating
8.6
Number of Reviews
13
Ranking in other categories
Dynamic Application Security Testing (DAST) (4th)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Checkmarx One is designed for Application Security Tools and holds a mindshare of 12.9%, down 15.0% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 12.8% mindshare, down 13.2% since last year.
Application Security Tools
Dynamic Application Security Testing (DAST)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Vikas Dusa - PeerSpot reviewer
Mar 4, 2024
Helps to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code
In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities. Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Apart from software scanning, software composition scanning is valuable."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"Helps us check vulnerabilities in our SAP Fiori application."
"It has all the features we need."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"Scan reviews can occur during the development lifecycle."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"It is very convenient to get reports from the tool, which offers high-level environmental statistics."
"It's very easy to use and user-friendly. It does the job."
"Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective."
"In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions."
"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."
"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."
"It is a very robust solution."
"The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."
 

Cons

"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"If it is a very large code base then we have a problem where we cannot scan it."
"We can run only one project at a time."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"They could work to improve the user interface. Right now, it really is lacking."
"Implementing a blackout time for any user or teams: Needs improvement."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved."
"The number of web applications we can scan is limited."
"The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec."
"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."
"I would like more details of what the product can do."
"We get a lot of false positives during the tests."
"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."
"The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions."
 

Pricing and Cost Advice

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"It is a good product but a little overpriced."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"It is an expensive solution."
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"I'm not sure how much it costs exactly, but I know it's expensive."
"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."
"Rapid7 InsightAppSec is cheap."
"The price of this product is very cheap."
"Its price is competitive. It is not expensive."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Computer Software Company
21%
Financial Services Firm
14%
Manufacturing Company
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Rapid7 InsightAppSec?
In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to p...
What needs improvement with Rapid7 InsightAppSec?
The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehe...
What is your primary use case for Rapid7 InsightAppSec?
We use Rapid7 InsightAppSec for dynamic application security scanning. We scan our web applications to identify vulnerabilities and then address the issues based on the report. It is a task solutio...
 

Also Known As

No data available
InsightAppSec
 

Learn More

 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace
Find out what your peers are saying about Checkmarx One vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.
814,649 professionals have used our research since 2012.