No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 AppSpider vs Rapid7 InsightAppSec comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 AppSpider
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
Static Application Security Testing (SAST) (30th)
Rapid7 InsightAppSec
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
20
Ranking in other categories
Dynamic Application Security Testing (DAST) (5th), AI Observability (21st)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Rapid7 AppSpider is designed for Static Application Security Testing (SAST) and holds a mindshare of 0.8%, up 0.5% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 5.8% mindshare, up 4.7% since last year.
Static Application Security Testing (SAST) Mindshare Distribution
ProductMindshare (%)
Rapid7 AppSpider0.8%
SonarQube14.2%
Checkmarx One9.1%
Other75.9%
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST) Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightAppSec5.8%
Veracode14.5%
Checkmarx One14.2%
Other65.5%
Dynamic Application Security Testing (DAST)
 

Featured Reviews

HW
Marketing Expert at J's communication
Clients benefit from broad authentication and effective crawling but need localization improvements
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization.…
Shritam Bhowmick - PeerSpot reviewer
Vulnerability Management Lead at garrett
Provides reliable applications security but needs better integration options
There are areas for improvements regarding false positives. Integration capabilities are lacking, as options for integrations with other tools such as SNOW, Jira, or other integration tools are not sufficient in Rapid7 InsightAppSec. The user interface sometimes has glitches, which may prevent appropriate results during navigation, and even when we get appropriate results, it can be impossible to export them to CSV records or download files. Regarding scalability, Rapid7 InsightAppSec is not a scalable solution for our industry due to limited integration capabilities. Rapid7 relies on another tool called InsightConnect, which requires additional investment, detracting from scalability. Another area that needs improvement is the integration of AI capabilities into the platform. Both Rapid7 InsightAppSec and InsightVM need to advance in that area. In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives. This necessitates improvement in their behavioral-based analytics feature.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"It is really accurate and the rate of false positives is very low."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information, and you don't need specialized skills to use the product."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"I would say that it is stable, as I am not aware of any major issues."
"The setup is usually straightforward."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"The solution is highly stable, rated at ten out of ten."
"This is a product that I recommend and my advice for anybody who is interested in trying it, there is a free 60-day trial period where they will fix your problems without any payment."
"Rapid7 InsightAppSec helps us in both regulatory compliance and in strengthening our security posture."
"If a company needs an effective product for web scanning, I can recommend this product."
"For our needs, Rapid7 was the ideal go-to tool."
"The reporting functionality is excellent."
"The automatic automation of the automated authorization to the SCANNET environment is valuable."
"It's very easy to use and user-friendly, and it does the job."
"The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset."
 

Cons

"The documentation about integration with AppSpider is bad news and some integrations are quite difficult to do right now."
"For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users."
"This price of this solution is a little bit expensive."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"The tech support is responsive but issues remain unresolved."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"We'd like to see integrations with WAF solutions."
"In the future, if they can have integration with a lot of ticketing systems then it would be amazing."
"I would like more details of what the product can do."
"The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations."
"We get a lot of false positives during the tests."
"Customers sometimes experience issues with performance."
"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."
"The number of web applications we can scan is limited."
 

Pricing and Cost Advice

"The licensing cost depends on the number of users."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
"The price is pretty fair."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"Its price is competitive. It is not expensive."
"The price of this product is very cheap."
"I'm not sure how much it costs exactly, but I know it's expensive."
"Rapid7 InsightAppSec is cheap."
"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
903,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
11%
University
10%
Financial Services Firm
10%
Construction Company
7%
Manufacturing Company
13%
Financial Services Firm
9%
Construction Company
9%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise2
Large Enterprise1
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise2
Large Enterprise5
 

Questions from the Community

What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
What is your primary use case for Rapid7 AppSpider?
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments.
What needs improvement with Rapid7 InsightAppSec?
Customers sometimes experience issues with performance. One thing that I recall is that most customers often want to have reporting as per their customized dashboard. This needs to be improved beca...
What is your primary use case for Rapid7 InsightAppSec?
I usually recommend this solution for financial institutions. Banks and financial institutions need this solution mostly because they have to follow stringent compliance advisory requirements, so t...
What advice do you have for others considering Rapid7 InsightAppSec?
I have not heard any complaints. I do not have any recommendations because customers were initially worried about the number of scans they used to perform, and now it has been enhanced or it will s...
 

Also Known As

AppSpider
InsightAppSec
 

Overview

 

Sample Customers

Microsoft
CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Static Application Security Testing (SAST). Updated: June 2026.
903,933 professionals have used our research since 2012.