Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Rapid7 InsightAppSec comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Checkmarx One
Average Rating
7.6
Reviews Sentiment
7.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (2nd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
Rapid7 InsightAppSec
Average Rating
8.6
Number of Reviews
13
Ranking in other categories
Dynamic Application Security Testing (DAST) (4th)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Checkmarx One is designed for Application Security Tools and holds a mindshare of 12.9%, down 15.0% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 12.8% mindshare, down 13.2% since last year.
Application Security Tools
Dynamic Application Security Testing (DAST)
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
Vikas Dusa - PeerSpot reviewer
Mar 4, 2024
Helps to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code
In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities. Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the simple user interface."
"Helps us check vulnerabilities in our SAP Fiori application."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"The tool's valuable features include integrating GPT and Copilot. Additionally, the UI web representation is very user-friendly, making navigation easy. GPT has made several improvements to my security code."
"Less false positive errors as compared to any other solution."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"Scan reviews can occur during the development lifecycle."
"The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application."
"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."
"The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."
"In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions."
"The solution is stable."
"It is very convenient to get reports from the tool, which offers high-level environmental statistics."
"It is a very robust solution."
"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."
 

Cons

"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"I would like to see the tool’s pricing improved."
"The solution sometimes reports a false auditable code or false positive."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"We have received some feedback from our customers who are receiving a large number of false positives."
"It is an expensive solution."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"In the future, if they can have integration with a lot of ticketing systems then it would be amazing."
"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."
"When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved."
"The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec."
"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."
"The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations."
"We'd like to see integrations with WAF solutions."
"Rapid7 InsightAppSec needs improvement in detecting phishing pages."
 

Pricing and Cost Advice

"We have purchased an annual license to use this solution. The price is reasonable."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"The solution is costly."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"Rapid7 InsightAppSec is cheap."
"I'm not sure how much it costs exactly, but I know it's expensive."
"The price of this product is very cheap."
"Its price is competitive. It is not expensive."
"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
815,129 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Computer Software Company
20%
Financial Services Firm
13%
Manufacturing Company
10%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
What do you like most about Rapid7 InsightAppSec?
In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to p...
What needs improvement with Rapid7 InsightAppSec?
The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehe...
What is your primary use case for Rapid7 InsightAppSec?
We use Rapid7 InsightAppSec for dynamic application security scanning. We scan our web applications to identify vulnerabilities and then address the issues based on the report. It is a task solutio...
 

Also Known As

No data available
InsightAppSec
 

Learn More

 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace
Find out what your peers are saying about Checkmarx One vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.
815,129 professionals have used our research since 2012.