No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 AppSpider vs Rapid7 InsightAppSec comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 AppSpider
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
Static Application Security Testing (SAST) (30th)
Rapid7 InsightAppSec
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
20
Ranking in other categories
Dynamic Application Security Testing (DAST) (5th), AI Observability (21st)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Rapid7 AppSpider is designed for Static Application Security Testing (SAST) and holds a mindshare of 0.8%, up 0.5% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 5.8% mindshare, up 4.7% since last year.
Static Application Security Testing (SAST) Mindshare Distribution
ProductMindshare (%)
Rapid7 AppSpider0.8%
SonarQube14.2%
Checkmarx One9.1%
Other75.9%
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST) Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightAppSec5.8%
Veracode14.5%
Checkmarx One14.2%
Other65.5%
Dynamic Application Security Testing (DAST)
 

Featured Reviews

HW
Marketing Expert at J's communication
Clients benefit from broad authentication and effective crawling but need localization improvements
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization.…
Shritam Bhowmick - PeerSpot reviewer
Vulnerability Management Lead at garrett
Provides reliable applications security but needs better integration options
There are areas for improvements regarding false positives. Integration capabilities are lacking, as options for integrations with other tools such as SNOW, Jira, or other integration tools are not sufficient in Rapid7 InsightAppSec. The user interface sometimes has glitches, which may prevent appropriate results during navigation, and even when we get appropriate results, it can be impossible to export them to CSV records or download files. Regarding scalability, Rapid7 InsightAppSec is not a scalable solution for our industry due to limited integration capabilities. Rapid7 relies on another tool called InsightConnect, which requires additional investment, detracting from scalability. Another area that needs improvement is the integration of AI capabilities into the platform. Both Rapid7 InsightAppSec and InsightVM need to advance in that area. In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives. This necessitates improvement in their behavioral-based analytics feature.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"It does a scan that performs about 100 checks on web applications and produces a clear report on all of the vulnerabilities that are found."
"This solution is a leader in the industry."
"One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"The setup is usually straightforward."
"The solution is highly stable, rated at ten out of ten."
"The stability has been very good; I would rate it five out of five in terms of reliability, as it doesn't crash or freeze, there are no bugs or glitches, and the performance is good."
"Customers use the product for scanning purposes and do not want to be restricted with respect to the number of scans they perform."
"This is a product that I recommend and my advice for anybody who is interested in trying it, there is a free 60-day trial period where they will fix your problems without any payment."
"Rapid7 InsightAppSec is a good product for dynamic application security testing, providing neat reports that include validation actions and helping to generate web application firewall rules for web applications."
"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."
"When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports."
"The automatic automation of the automated authorization to the SCANNET environment is valuable."
"If a company needs an effective product for web scanning, I can recommend this product."
 

Cons

"Support response times are slow and can be improved."
"It needs better integration with mobile applications."
"This price of this solution is a little bit expensive."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"The enterprise interface is too simple. It should be more customizable."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"There is room for improvement in the response time of customer service and support levels."
"The number of web applications we can scan is limited."
"The technical support from Rapid7 is not bad, but the response time can be quite slow sometimes."
"The performance can be improved."
"The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec."
"I would like more details of what the product can do."
"Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version."
"We get a lot of false positives during the tests."
 

Pricing and Cost Advice

"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"The licensing cost depends on the number of users."
"The price is pretty fair."
"AppSpider is closed-source software and you need to acquire a license in order to use it."
"I'm not sure how much it costs exactly, but I know it's expensive."
"The price of this product is very cheap."
"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."
"Its price is competitive. It is not expensive."
"Rapid7 InsightAppSec is cheap."
"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
903,118 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
11%
University
10%
Financial Services Firm
10%
Construction Company
7%
Manufacturing Company
13%
Financial Services Firm
10%
Construction Company
9%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise2
Large Enterprise1
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise2
Large Enterprise5
 

Questions from the Community

What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
What is your primary use case for Rapid7 AppSpider?
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments.
What needs improvement with Rapid7 InsightAppSec?
Customers sometimes experience issues with performance. One thing that I recall is that most customers often want to have reporting as per their customized dashboard. This needs to be improved beca...
What is your primary use case for Rapid7 InsightAppSec?
I usually recommend this solution for financial institutions. Banks and financial institutions need this solution mostly because they have to follow stringent compliance advisory requirements, so t...
What advice do you have for others considering Rapid7 InsightAppSec?
I have not heard any complaints. I do not have any recommendations because customers were initially worried about the number of scans they used to perform, and now it has been enhanced or it will s...
 

Also Known As

AppSpider
InsightAppSec
 

Overview

 

Sample Customers

Microsoft
CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Static Application Security Testing (SAST). Updated: June 2026.
903,118 professionals have used our research since 2012.