Rapid7 AppSpider Reviews

Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments.

One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization. Additionally, the crawling technology is very good and customizes well for customer solutions.

I am using Rapid7 AppSpider for vulnerability assessment.

The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way.

AppSpider is primarily intended for web application scanning, and it provides me with the ability to scan all of our web apps for vulnerabilities. It is also able to scan the application APIs, where we can actually log into the web application and then scan the whole interface. I typically only use it once or twice a month, and mainly for basic web app scanning.

Previously, I was working at a bank but I have now switched to a position as Head of Security within the FinTech industry, where I am managing our company's entire security portfolio. Right now, it's still a startup environment but we're a growing company and we also use a range of other security tools that we recently procured, with more tools in the pipeline. For example, for our SIEM solution, we are using Wazuh, an open source SIEM platform, and we are also using the security operating system Kali Linux.

What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions. I wouldn't say it is extraordinary, but it serves our purposes well.

AppSpider is primarily used to scan web applications. It scans all the components developed within a web application. It's used for various purposes related to web application security.

One of the most valuable features is a replay attack. The feature identifies vulnerabilities in the web application and makes changes in the code to address identified vulnerabilities.

The customer that I handle right now uses AppSpider to scan web applications for vulnerabilities and application testing.  

For AppSpider there is more than one valuable feature. The distribution is good. With one console dashboard, we can integrate with one, two, or three different engines. When it is set up, each engine can do scanning on all of the web apps automatically.  

The integration is also good when it is available. For example, we are using selenium to record usernames and passwords. Then we use selenium recording to automate the login and scanning of the apps. These are only two of the things that make AppSpider easy to work with.  

We use this solution for web application security testing. The Rapid7 AppSpider solution deployment project has come to address an organizational need that complies with the ISO27001 standard with the integration of the solution in the vulnerability management processes as well as the change management process in its phase audit before going into production.

All of our solutions are on-premises because are regulatory requirements state that they must be in order to comply with security. They do not want data to be available on the cloud in different parts of the world, so it must not leave the country.

The most valuable feature is the reporting, which is compliant with international standards. This solution will notify us about different RPGs, including the critical ones, and can report on risk or measure risk. Once we have this information then we can relay it to our internal developers.

This solution performs well and is very efficient.

We primarily use the solution for compliance control. Our clients prefer to be audited several times a year.

The reporting on the solution is very good. You can choose between pulling a full report or a brief report if you like. It will show, in each section, if it passed or failed. If you utilize the full report, you'll get an explanation as to why it passed or failed as well, for example, each PCI DSS item will be marked as N/A, Passed or Failed (with details in full report).

The solution scans everything, including sub-domains that were not specified.

The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product.

The solution is very portable and light.

AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines. Its internal analytics and customizations are also good. 

AppSpider has some problems with the RAM needed while scanning. There are also a lot of options, which can make it difficult to configure the system to get the results you want.