No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 AppSpider vs Rapid7 InsightAppSec comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 AppSpider
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
Static Application Security Testing (SAST) (30th)
Rapid7 InsightAppSec
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
20
Ranking in other categories
Dynamic Application Security Testing (DAST) (5th), AI Observability (21st)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Rapid7 AppSpider is designed for Static Application Security Testing (SAST) and holds a mindshare of 0.8%, up 0.5% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 5.8% mindshare, up 4.7% since last year.
Static Application Security Testing (SAST) Mindshare Distribution
ProductMindshare (%)
Rapid7 AppSpider0.8%
SonarQube14.2%
Checkmarx One9.1%
Other75.9%
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST) Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightAppSec5.8%
Veracode14.5%
Checkmarx One14.2%
Other65.5%
Dynamic Application Security Testing (DAST)
 

Featured Reviews

HW
Marketing Expert at J's communication
Clients benefit from broad authentication and effective crawling but need localization improvements
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization.…
Shritam Bhowmick - PeerSpot reviewer
Vulnerability Management Lead at garrett
Provides reliable applications security but needs better integration options
There are areas for improvements regarding false positives. Integration capabilities are lacking, as options for integrations with other tools such as SNOW, Jira, or other integration tools are not sufficient in Rapid7 InsightAppSec. The user interface sometimes has glitches, which may prevent appropriate results during navigation, and even when we get appropriate results, it can be impossible to export them to CSV records or download files. Regarding scalability, Rapid7 InsightAppSec is not a scalable solution for our industry due to limited integration capabilities. Rapid7 relies on another tool called InsightConnect, which requires additional investment, detracting from scalability. Another area that needs improvement is the integration of AI capabilities into the platform. Both Rapid7 InsightAppSec and InsightVM need to advance in that area. In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives. This necessitates improvement in their behavioral-based analytics feature.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the reporting, which is compliant with international standards."
"It scans all the components developed within a web application."
"It is really accurate and the rate of false positives is very low."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information, and you don't need specialized skills to use the product."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"This solution is a leader in the industry."
"One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset."
"Customers use the product for scanning purposes and do not want to be restricted with respect to the number of scans they perform."
"When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports."
"The automatic automation of the automated authorization to the SCANNET environment is valuable."
"It is a very robust solution."
"The most valuable feature of this solution is the graphical interface."
"This is a product that I recommend and my advice for anybody who is interested in trying it, there is a free 60-day trial period where they will fix your problems without any payment."
"Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective."
 

Cons

"Integration could be better."
"The documentation about integration with AppSpider is bad news and some integrations are quite difficult to do right now."
"The dashboard and interface are crucial and they need some improvement."
"This price of this solution is a little bit expensive."
"Support response times are slow and can be improved."
"Integration could be better. For example, while doing the scanning, using the recording username and passwords, there are issues."
"AppSpider has some problems with the RAM needed while scanning."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"There is room for improvement in the response time of customer service and support levels."
"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange."
"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."
"Rapid7 InsightAppSec needs improvement in detecting phishing pages."
"In the future, if they can have integration with a lot of ticketing systems then it would be amazing."
"I would like more details of what the product can do."
"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."
"The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec."
 

Pricing and Cost Advice

"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
"The price is pretty fair."
"The licensing cost depends on the number of users."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"I'm not sure how much it costs exactly, but I know it's expensive."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
"Rapid7 InsightAppSec is cheap."
"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."
"The price of this product is very cheap."
"Its price is competitive. It is not expensive."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
11%
University
10%
Financial Services Firm
10%
Construction Company
7%
Manufacturing Company
13%
Financial Services Firm
10%
Construction Company
9%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise2
Large Enterprise1
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise2
Large Enterprise5
 

Questions from the Community

What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
What is your primary use case for Rapid7 AppSpider?
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments.
What needs improvement with Rapid7 InsightAppSec?
Customers sometimes experience issues with performance. One thing that I recall is that most customers often want to have reporting as per their customized dashboard. This needs to be improved beca...
What is your primary use case for Rapid7 InsightAppSec?
I usually recommend this solution for financial institutions. Banks and financial institutions need this solution mostly because they have to follow stringent compliance advisory requirements, so t...
What advice do you have for others considering Rapid7 InsightAppSec?
I have not heard any complaints. I do not have any recommendations because customers were initially worried about the number of scans they used to perform, and now it has been enhanced or it will s...
 

Also Known As

AppSpider
InsightAppSec
 

Overview

 

Sample Customers

Microsoft
CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Static Application Security Testing (SAST). Updated: June 2026.
902,894 professionals have used our research since 2012.