Try our new research platform with insights from 80,000+ expert users

Rapid7 AppSpider vs Rapid7 InsightAppSec comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 AppSpider
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
Static Application Security Testing (SAST) (27th)
Rapid7 InsightAppSec
Average Rating
8.2
Reviews Sentiment
7.7
Number of Reviews
17
Ranking in other categories
Dynamic Application Security Testing (DAST) (4th)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Rapid7 AppSpider is designed for Static Application Security Testing (SAST) and holds a mindshare of 0.5%, down 0.6% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 12.2% mindshare, down 13.7% since last year.
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
 

Featured Reviews

Andrei Bigdan - PeerSpot reviewer
Useful vulnerability reporting data, flexible, and simple implementation
I have had some stability problems but it could be the Microsoft Windows operating system. I found that closing other applications helps with stability. It is helpful to have as much memory as possible, such as eight gigabytes. The more pages being processed the more resources you need. I rate the stability of Rapid7 AppSpider a nine out of ten.
Krzysztof Witko - PeerSpot reviewer
Automated authorization streamlines security processes
The previous product, AppSpyder, had a virtual patching module where we could generate patches for third-party web application firewalls, such as Imperva or F5. Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version. Virtual patching could help protect web pages shortly after finishing the scan process.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"It scans all the components developed within a web application."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization."
"The automatic automation of the automated authorization to the SCANNET environment is valuable."
"It is a very robust solution."
"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."
"It's very easy to use and user-friendly. It does the job."
"The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."
"I rate stability ten out of ten."
"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."
"The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application."
 

Cons

"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"There are some glitches with stability, and it is an area for improvement."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"Integration could be better."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"Support response times are slow and can be improved."
"The enterprise interface is too simple. It should be more customizable."
"This price of this solution is a little bit expensive."
"The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec."
"We'd like to see integrations with WAF solutions."
"The number of web applications we can scan is limited."
"The product’s pricing could be flexible."
"There is room for improvement in the response time of customer service and support levels."
"We get a lot of false positives during the tests."
"The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations."
"The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions."
 

Pricing and Cost Advice

"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The price is pretty fair."
"The licensing cost depends on the number of users."
"I'm not sure how much it costs exactly, but I know it's expensive."
"Rapid7 InsightAppSec is cheap."
"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."
"The price of this product is very cheap."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"Its price is competitive. It is not expensive."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
845,406 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
14%
Healthcare Company
8%
Government
8%
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
12%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Rapid7 AppSpider?
The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate a...
What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
What do you like most about Rapid7 InsightAppSec?
In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to p...
What needs improvement with Rapid7 InsightAppSec?
The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports. It would be beneficial if there were an option for customers to customize reports to include ...
What is your primary use case for Rapid7 InsightAppSec?
We primarily use Rapid7 InsightAppSec for application security within our organization. We perform penetration testing on our in-house-built, Java-based web applications to comply with regulatory s...
 

Also Known As

AppSpider
InsightAppSec
 

Overview

 

Sample Customers

Microsoft
CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace
Find out what your peers are saying about Rapid7 AppSpider vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.
845,406 professionals have used our research since 2012.