Rapid7 AppSpider Reviews

We primarily use the solution for compliance control. Our clients prefer to be audited several times a year.

The reporting on the solution is very good. You can choose between pulling a full report or a brief report if you like. It will show, in each section, if it passed or failed. If you utilize the full report, you'll get an explanation as to why it passed or failed as well, for example, each PCI DSS item will be marked as N/A, Passed or Failed (with details in full report).

The solution scans everything, including sub-domains that were not specified.

The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product.

The solution is very portable and light.

There are some reports that are not so good. They could provide scanning or compliance on some of them.

The solution is too slow. It could take a full day to scan. Competitors are much faster.

The solution is very stable because it generates its own internal data. All logs in a dedicated scan go onto one local database (Microsoft Access database format), and in a separate folder, and you can go there after a year, or two, or more, and just look inside for the index.html to open power of analysis, drill down, filter and report abilities that still work outside the main program.

We have a well-trained employee and access to distributors, so we've never dealt with technical support directly.

We did use a different solution, but we wanted to try this product and so far we really like it.

The initial setup isn't too complex. It's fairly typical. However, when you need some authentification on the page, it could get difficult. Therefore, it's best if you have someone on the team that's familiar with the installation process.

We handled the implementation ourselves. We both sell and use the solution.

We use the on-premises deployment model. I personally prefer the on-premises version over the cloud version.

I'd recommend the solution, but only the on-premises deployment model as it's very portable and can reside on your workstation. You can use it to provide reports without having to be connected to the internet.

I'd rate the solution eight out of ten.

We use this solution for web application security testing. The Rapid7 AppSpider solution deployment project has come to address an organizational need that complies with the ISO27001 standard with the integration of the solution in the vulnerability management processes as well as the change management process in its phase audit before going into production.

All of our solutions are on-premises because are regulatory requirements state that they must be in order to comply with security. They do not want data to be available on the cloud in different parts of the world, so it must not leave the country.

The most valuable feature is the reporting, which is compliant with international standards. This solution will notify us about different RPGs, including the critical ones, and can report on risk or measure risk. Once we have this information then we can relay it to our internal developers.

This solution performs well and is very efficient.

This price of this solution is a little bit expensive. The average cost is still good for us because our budget is more open to security solutions. We need twenty-four-hour security because we are a bank.

In terms of stability, this is a very good solution.

This is a scalable solution.

The technical support for this solution is responsive.

I have used Nessus in the past, and the performance of Rapid7 is better.

The initial setup of this solution is not complex, and it is easy to implement.

We needed to install the virtual machine and the virtual service, which is recommended by Rapid7. The deployment took approximately one week. After this, integration all of our applications took approximately one month.

Two people are required for maintenance. There is me, and then my backup when I am not available.

We have an integrator that assisted us with the implementation. Their name is Nevo Technologies and they are in Morocco, with headquarters in the US.

Three engineers worked on the deployment.

We did not evaluate other options before choosing this solution.

This solution is a leader in the industry.

The reporting is really important for us. We are certified and we are compliant.

We needed both AppSpider and Nexpose to complete for our requirements. It also has another useful module called Metasploit.

My advice is that everybody should try this solution. It's excellent.

I would rate this solution a ten out of ten.

We put Rapid7 AppSpider on the application scans for our network.

The identification mechanism can enhance each scan through consideration options. These can be enhanced in terms of identifications and the parameters.

Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements.

Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan.

The stability of Rapid7 AppSpider is good. 

The scalability for the product works very well.

The tech support from Rapid7 AppSpider is good. They contact us online in case of any open issues.

The initial setup is straightforward.

All aspects of Rapid7 AppSpider are good. On a scale from one to ten, I would rate this product an eight.

I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us.

The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great.

It has good features.