
PortSwigger Burp Suite Professional vs Rapid7 InsightAppSec comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

PortSwigger Burp Suite Prof...
Average Rating: 8.6
Reviews Sentiment: 7.7
Number of Reviews: 60
Ranking in other categories: Application Security Tools (8th), Static Application Security Testing (SAST) (6th), Fuzz Testing Tools (1st)

Rapid7 InsightAppSec
Average Rating: 8.6
Number of Reviews: 13
Ranking in other categories: Dynamic Application Security Testing (DAST) (4th)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. PortSwigger Burp Suite Professional is designed for Application Security Tools and holds a mindshare of 1.8%, down 2.0% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 12.8% mindshare, down 13.2% since last year.
 

Featured Reviews

Anton Krivonosov - PeerSpot reviewer
Jan 17, 2024
A special tool for penetration testers or security specialists to conduct security assessments
We use the solution for security assessments. It's a special tool for penetration testers or security specialists. PortSwigger Burp Suite Professional is a standard tool in the security industry. It's a stable solution that has many features. You can download different plugins if you don't have…
Vikas Dusa - PeerSpot reviewer
Mar 4, 2024
Helps to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code
In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities. Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use the solution for vulnerability assessment in respect of the application and the sites."
"The solution has a great user interface."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"One useful function is the ability to send requests to the repeater without making actual requests through the browser, allowing me to modify requests easily."
"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
"In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions."
"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."
"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."
"The solution is stable."
"It is very convenient to get reports from the tool, which offers high-level environmental statistics."
"The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application."
"It is a very robust solution."
"Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective."
 

Cons

"The scanner and crawler need to be improved."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"As with most automated security tools, too many false positives."
"The solution is not easy to set up. You need a lot of knowledge."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."
"In the Professional version, we cannot link it with the CI/CD process."
"The vendor must provide documentation on how to use the new API feature."
"I would like more details of what the product can do."
"The number of web applications we can scan is limited."
"Rapid7 InsightAppSec needs improvement in detecting phishing pages."
"The product’s pricing could be flexible."
"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."
"The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions."
"In the future, if they can have integration with a lot of ticketing systems then it would be amazing."
"We'd like to see integrations with WAF solutions."
 

Pricing and Cost Advice

"We are using the community version, which is free."
"Our licensing cost is approximately $400 USD per year."
"Burp Suite is affordable."
"The yearly cost is about $300."
"The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them."
"There is no setup cost and the cost of licensing is affordable."
"PortSwigger is a bit expensive."
"There are different licenses available that include a free version."
"Its price is competitive. It is not expensive."
"Rapid7 InsightAppSec is cheap."
"The price of this product is very cheap."
"I'm not sure how much it costs exactly, but I know it's expensive."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."
814,572 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 17%
Financial Services Firm: 13%
Government: 11%
Manufacturing Company: 8%

Computer Software Company: 21%
Financial Services Firm: 13%
Manufacturing Company: 10%
Government: 6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about PortSwigger Burp Suite Professional?
The solution helped us discover vulnerabilities in our applications.
What is your experience regarding pricing and costs for PortSwigger Burp Suite Professional?
I would rate the pricing a six out of ten. It's not as flexible here as it might be in European or American markets.
What do you like most about Rapid7 InsightAppSec?
In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to p...
What needs improvement with Rapid7 InsightAppSec?
The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehe...
What is your primary use case for Rapid7 InsightAppSec?
We use Rapid7 InsightAppSec for dynamic application security scanning. We scan our web applications to identify vulnerabilities and then address the issues based on the report. It is a task solutio...
 

Also Known As

Burp
InsightAppSec
 

Overview

 

Sample Customers

Google, Amazon, NASA, FedEx, P&G, Salesforce
CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace
Find out what your peers are saying about PortSwigger Burp Suite Professional vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.