Try our new research platform with insights from 80,000+ expert users

Rapid7 InsightAppSec pros and cons

Vendor: Rapid7

4.1 out of 5

18 reviews
94% willing to recommend

138 followers

Pros & Cons summary

Rapid7 InsightAppSec offers a 20% reduction in mean time to respond to threats, easy 30-minute setup, and web application testing via templates. It supports regulatory compliance but needs enhancement in reporting and scan configuration management. Limited templates and scanning capabilities in mobile and SaaS applications require attention. Improved integration with ticketing systems and WAF solutions is desirable, alongside refining false positive detection and addressing inadequate phishing page detection.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Rapid7 InsightAppSec allows users to decrease response time to threats by 20%.

The tool is known for its easy setup and quick deployment, typically within 30 minutes.

Users find the templates feature very intuitive, simplifying the process of running web application attacks and receiving detailed reports.

The attack modules include an Attack Replay feature which benefits developers by enabling them to reproduce and analyze attacks.

The tool offers valuable dynamic application security scanning with templates and customization, supporting both external and internal applications without needing additional server resources, making it time-efficient and cost-effective.

CONS

InsightAppSec's reporting needs improvement for better usability and detail, requiring enhancements such as extra columns on reports and exporting options in CSV format.

The scan configuration management requires enhancement, as it currently replaces previous settings instead of adding new configurations.

There is room for improvement in security testing capabilities by incorporating more techniques and options, such as aligning more closely with the MITRE ATT&CK framework.

InsightAppSec should enhance its dynamic scanning to include mobile applications and should consider the SaaS scanning feature to be more comprehensive.

Improvement is needed in integration capabilities with systems like ticketing solutions and WAF, alongside enhancing static and interaction analysis.

Rapid7 InsightAppSec Pros review quotes

Nixon Bagalkoti

Cyber Security Lead at a printing company with 201-500 employees

Aug 17, 2022

You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well.

Read full review

NF

Natthapong Fongsin

Assistant Technical Manager at a tech services company with 1,001-5,000 employees

Jun 15, 2020

The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset.

Read full review

Cyber Security Trainer and Programmer at Freelancer

Mar 4, 2024

In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions.

Read full review

Rapid7 InsightAppSec

Free Report: Rapid7 InsightAppSec Reviews and More

Learn what your peers think about Rapid7 InsightAppSec. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

847,862 professionals have used our research since 2012.

reviewer2019150

AppSec Engineer at a computer software company with 201-500 employees

Nov 25, 2022

The most valuable feature of this solution is the graphical interface.

Read full review

RB

Senior IT Security Specialist at KNIPPERX INC.

Jul 28, 2023

It is a very robust solution.

Read full review

MT

Cyber Security Division Manager at 3SC Security Solutions Services and Consultant

Dec 7, 2020

It uses a signature-based method to check for problems with your code and will provide an alert if anything is found.

Read full review

Krzysztof Witko

IT Security Engineer at a financial services firm with 51-200 employees

Sep 20, 2022

The solution is stable.

Read full review

Senior Cybersecurity Solutions Engineer at Trillium Information Security Systems

Jun 7, 2024

Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective.

Read full review

DS

Cyber Security Architect at a healthcare company with 11-50 employees

Nov 14, 2022

It's very easy to use and user-friendly. It does the job.

Read full review

MK

Head of Infrastructure at Pearl Data Direct

Feb 25, 2025

When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports.

Read full review

Show 7 more reviews (out of 17)

Rapid7 InsightAppSec Cons review quotes

Nixon Bagalkoti

Cyber Security Lead at a printing company with 201-500 employees

Aug 17, 2022

When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved.

Read full review

NF

Natthapong Fongsin

Assistant Technical Manager at a tech services company with 1,001-5,000 employees

Jun 15, 2020

The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions.

Read full review

Cyber Security Trainer and Programmer at Freelancer

Mar 4, 2024

Rapid7 InsightAppSec needs improvement in detecting phishing pages.

Read full review

Rapid7 InsightAppSec

Free Report: Rapid7 InsightAppSec Reviews and More

Learn what your peers think about Rapid7 InsightAppSec. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

847,862 professionals have used our research since 2012.

reviewer2019150

AppSec Engineer at a computer software company with 201-500 employees

Nov 25, 2022

The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec.

Read full review

RB

Senior IT Security Specialist at KNIPPERX INC.

Jul 28, 2023

The number of web applications we can scan is limited.

Read full review

MT

Cyber Security Division Manager at 3SC Security Solutions Services and Consultant

Dec 7, 2020

In the future, if they can have integration with a lot of ticketing systems then it would be amazing.

Read full review

Krzysztof Witko

IT Security Engineer at a financial services firm with 51-200 employees

Sep 20, 2022

We'd like to see integrations with WAF solutions.

Read full review

Senior Cybersecurity Solutions Engineer at Trillium Information Security Systems

Jun 7, 2024

The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations.

Read full review

DS

Cyber Security Architect at a healthcare company with 11-50 employees

Nov 14, 2022

They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity.

Read full review

MK

Head of Infrastructure at Pearl Data Direct

Feb 25, 2025

The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports.

Read full review

Show 7 more reviews (out of 17)

Product Categories

Product Categories

Dynamic Application Security Testing (DAST)

Popular Comparisons

Popular Comparisons

HCL AppScan vs Rapid7 InsightAppSec

Fortify WebInspect vs Rapid7 InsightAppSec

Invicti vs Rapid7 InsightAppSec

PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec

AppCheck vs Rapid7 InsightAppSec

See all alternatives

Product Categories

Product Categories

Dynamic Application Security Testing (DAST)

Popular Comparisons

Popular Comparisons

HCL AppScan vs Rapid7 InsightAppSec

Fortify WebInspect vs Rapid7 InsightAppSec

Invicti vs Rapid7 InsightAppSec

PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec

AppCheck vs Rapid7 InsightAppSec

See all alternatives

Related questions

6

When evaluating Dynamic Application Security Testing (DAST), what aspect do you think is the most important to look for?

4

Why is Dynamic Application Security Testing (DAST) important for companies?