
Rapid7 InsightAppSec pros and cons

Vendor: Rapid7
4.3 out of 5

Pros & Cons summary


Prominent pros & cons

PROS

Initial setup and deployment of Rapid7 InsightAppSec is quick and simple, generally taking around 30 minutes.
Features like Attack Replay allow users to reproduce attacks to better understand and address vulnerabilities.
Rapid7 InsightAppSec employs a signature-based method to identify code issues and alert users.
Offers dynamic application security scanning with both predefined templates and customization options.
Operates on a cloud platform, eliminating the need for local server deployment and reducing time and cost implications.

CONS

Rapid7 InsightAppSec's reporting needs improvement, particularly in making widgets more user-friendly and providing better instructions.
There are limited templates for testing different types of security, and the addition of techniques in line with the MITRE ATT&CK framework and tools like Veracode and Synopsys is needed.
Managing scan configurations for recurring projects is problematic, as the current setup replaces rather than adds configurations.
Static analysis and interactivity analysis are basic and should be expanded to cover more sophisticated assessments.
There is a limitation in the number of web applications that can be scanned, and the pricing could be more flexible.
 

Rapid7 InsightAppSec Pros review quotes

Nixon Bagalkoti - PeerSpot reviewer
Aug 17, 2022
You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well.
NF
Jun 15, 2020
The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset.
Vikas Dusa - PeerSpot reviewer
Mar 4, 2024
In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions.
Learn what your peers think about Rapid7 InsightAppSec. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
reviewer2019150 - PeerSpot reviewer
Nov 25, 2022
The most valuable feature of this solution is the graphical interface.
RB
Jul 28, 2023
It is a very robust solution.
MT
Dec 7, 2020
It uses a signature-based method to check for problems with your code and will provide an alert if anything is found.
KW
Sep 20, 2022
The solution is stable.
Aakash Shankar - PeerSpot reviewer
Jun 7, 2024
Dynamic application security scanning provides predefined templates and supports customization. The ability to scan external and internal applications, including on-premises ones, is precious. Additionally, it is a cloud platform, so we don't need to deploy servers or resources. This makes it time-efficient and cost-effective.
DS
Nov 14, 2022
It's very easy to use and user-friendly. It does the job.
MG
Mar 11, 2019
We have seen a measurable decrease in the mean time to respond to threats by 20 percent.
 

Rapid7 InsightAppSec Cons review quotes

Nixon Bagalkoti - PeerSpot reviewer
Aug 17, 2022
When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as they are, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved.
NF
Jun 15, 2020
The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user-friendly or offer better instructions.
Vikas Dusa - PeerSpot reviewer
Mar 4, 2024
Rapid7 InsightAppSec needs improvement in detecting phishing pages.
reviewer2019150 - PeerSpot reviewer
Nov 25, 2022
The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec.
RB
Jul 28, 2023
The number of web applications we can scan is limited.
MT
Dec 7, 2020
In the future, if they can have integration with a lot of ticketing systems then it would be amazing.
KW
Sep 20, 2022
We'd like to see integrations with WAF solutions.
Aakash Shankar - PeerSpot reviewer
Jun 7, 2024
The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations.
DS
Nov 14, 2022
They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity.
MG
Mar 11, 2019
I would like more details of what the product can do.