Pros & Cons summary


Prominent pros & cons

PROS

InsightAppSec has helped reduce response time to threats by 20%.
The tool provides predefined templates and customizable features for security scanning, which is valuable for both external and internal applications.
Automatic integration of web applications via CDN is convenient and efficient for accessing vulnerabilities and environmental statistics.
The product deployment process is quick, taking approximately 30 minutes, and it integrates seamlessly without significant challenges.
Technical support is highly rated, providing excellent assistance for users.

CONS

Rapid7 InsightAppSec reporting feature needs improvement as it provides basic reports and requires enhancement to support CSV format for remediation reports.
Rapid7 InsightAppSec should incorporate more comprehensive security testing techniques, such as following the MITRE ATT&CK framework, to enhance the variety of testing options.
Integrations with various ticketing systems and WAF solutions would be beneficial for Rapid7 InsightAppSec users.
The scan configuration management in Rapid7 InsightAppSec needs improvement to maintain previous scan configurations even when new scans are conducted.
The detection capabilities of Rapid7 InsightAppSec could be enhanced to reduce the high rate of false positives, especially in behavioral and pattern recognition.
 

Rapid7 InsightAppSec Pros review quotes

MG
Security Administrator at a comms service provider with 1,001-5,000 employees
Mar 11, 2019
We have seen a measurable decrease in the mean time to respond to threats by 20 percent.
NF
Assistant Technical Manager at a tech services company with 1,001-5,000 employees
Jun 15, 2020
The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset.
CC
Security Analyst at Millennium Technology Group
Sep 9, 2020
The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great.
Learn what your peers think about Rapid7 InsightAppSec. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
879,711 professionals have used our research since 2012.
MT
Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
Dec 7, 2020
It uses a signature-based method to check for problems with your code and will provide an alert if anything is found.
Nixon Bagalkoti - PeerSpot reviewer
Cyber Security Lead at a printing company with 201-500 employees
Aug 17, 2022
You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well.
Krzysztof Witko - PeerSpot reviewer
IT Security Engineer at a financial services firm with 51-200 employees
Sep 20, 2022
The solution is stable.
DS
Cyber Security Architect at a healthcare company with 11-50 employees
Nov 14, 2022
It's very easy to use and user-friendly. It does the job.
reviewer2019150 - PeerSpot reviewer
AppSec Engineer at a computer software company with 201-500 employees
Nov 25, 2022
The most valuable feature of this solution is the graphical interface.
RB
Senior IT Security Specialist at KNIPPERX INC.
Jul 28, 2023
It is a very robust solution.
Linh Trương Mạnh - PeerSpot reviewer
Product Manager at a computer software company with 11-50 employees
Oct 2, 2023
The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application.
 

Rapid7 InsightAppSec Cons review quotes

MG
Security Administrator at a comms service provider with 1,001-5,000 employees
Mar 11, 2019
I would like more details of what the product can do.
NF
Assistant Technical Manager at a tech services company with 1,001-5,000 employees
Jun 15, 2020
The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions.
CC
Security Analyst at Millennium Technology Group
Sep 9, 2020
The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys.
MT
Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
Dec 7, 2020
In the future, if they can have integration with a lot of ticketing systems then it would be amazing.
Nixon Bagalkoti - PeerSpot reviewer
Cyber Security Lead at a printing company with 201-500 employees
Aug 17, 2022
When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved.
Krzysztof Witko - PeerSpot reviewer
IT Security Engineer at a financial services firm with 51-200 employees
Sep 20, 2022
We'd like to see integrations with WAF solutions.
DS
Cyber Security Architect at a healthcare company with 11-50 employees
Nov 14, 2022
They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity.
reviewer2019150 - PeerSpot reviewer
AppSec Engineer at a computer software company with 201-500 employees
Nov 25, 2022
The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec.
RB
Senior IT Security Specialist at KNIPPERX INC.
Jul 28, 2023
The number of web applications we can scan is limited.
Linh Trương Mạnh - PeerSpot reviewer
Product Manager at a computer software company with 11-50 employees
Oct 2, 2023
The product’s pricing could be flexible.