Try our new research platform with insights from 80,000+ expert users
Cyber Security Architect at a healthcare company with 11-50 employees
Real User
User-friendly, competitive pricing, and knowledgeable support
Pros and Cons
  • "It's very easy to use and user-friendly. It does the job."
  • "They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."

What is our primary use case?

We are using it to scan code. We have developers who write a lot of web applications. We use InsightAppSec to scan them. When an application is running, it goes through the application and identifies any faults.

What is most valuable?

It's very easy to use and user-friendly. It does the job.

What needs improvement?

They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity.

For how long have I used the solution?

I've been using it for almost a year.

Buyer's Guide
Rapid7 InsightAppSec
December 2024
Learn what your peers think about Rapid7 InsightAppSec. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's very stable. There are no challenges.

What do I think about the scalability of the solution?

It's scalable. In terms of its usage, we just have one license, which is being used by a developing team with 20 developers. We don't need to have a lot of licenses. Once the code is done, we need to just put it in a common place and then scan it. So, we have just one license for it.

How are customer service and support?

They're very knowledgeable. They respond fast. They were able to help me. I would rate them a five out of five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've used HCL AppScan. AppScan does a lot more. It looks at static analysis. It looks at the code when it's not being executed and when it's executing. It also looks at interactivity. The only problem with AppScan is that it's a bit expensive because, for each scan, you need to pay. You need to get a license for each scan. So, every time I scan, it becomes a bit more expensive. That's the only reason why we went with InsightAppSec.

How was the initial setup?

It's straightforward. I would rate its setup a five out of five in terms of ease.

What's my experience with pricing, setup cost, and licensing?

Its price is competitive. It is not expensive.

What other advice do I have?

You need to understand its capabilities. It has good capabilities, but its capabilities and features can be improved. 

I would rate it an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
Real User
Easy to use, amazing technical support, and it provides alerts when problems in code are identified
Pros and Cons
  • "It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."
  • "In the future, if they can have integration with a lot of ticketing systems then it would be amazing."

What is our primary use case?

We use Rapid7 for application security. We use it ourselves and we also provide services for our customers. The primary use is for checking security assessments of web applications. If you need code scanning or API integration, then AppSec provides these options.

What is most valuable?

This product is easy to use.

It uses a signature-based method to check for problems with your code and will provide an alert if anything is found. It will also give recommendations as to how to fix the issues.

What needs improvement?

The performance can be improved.

I would like a facility to monitor applications after they have been scanned. For example, when new programming is done, an application should be scanned again because sometimes they add a lot of pages and can affect it. The application should be monitored to protect you from future attacks or mistakes made by the developer team.

In the future, if they can have integration with a lot of ticketing systems then it would be amazing. This would mean that if you're using any ticketing system, then because the application is already integrated with it, and if there's an issue with the web application, it will automatically open a support ticket for the development team.

For how long have I used the solution?

I have been working with Rapid7 InsightAppSec for two years.

What do I think about the stability of the solution?

I have not had any trouble with bugs or glitches.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and technical support?

The technical support is amazing. I have been in contact with the local office in Dubai, and they are very good.

How was the initial setup?

It is a cloud-based solution so the initial setup is very simple.

You have an account, so you add the website to the application, and you should add your own website so that it has the authorization to scan your whole application.

What's my experience with pricing, setup cost, and licensing?

The price of this product is very cheap. A trial version is available for 60 days, where the reports and problem fixes are available for free.

What other advice do I have?

This is a product that I recommend and my advice for anybody who is interested in trying it, there is a free 60-day trial period where they will fix your problems without any payment. That will give you the opportunity to experiment with and gain experience scanning web applications.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Rapid7 InsightAppSec
December 2024
Learn what your peers think about Rapid7 InsightAppSec. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Assistant Technical Manager at a tech services company with 1,001-5,000 employees
Real User
Excellent web scanning, good technical support, but lacks decent reporting
Pros and Cons
  • "The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset."
  • "The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions."

What is our primary use case?

We primarily used the solution to help us with analysis on our customer website. We also used it for our internal website in order to check security.

What is most valuable?

The way the solution arranged the web scanning was the most valuable aspect for us.

What needs improvement?

The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions. 

The solution needs to have a softcore scan or scan that integrates better with the content.

For how long have I used the solution?

In total, I've used the solution for about one year.

What do I think about the stability of the solution?

The solution is stable. It's good in terms of stability. That's not really any cause for concern. For users, if the internet connection becomes an issue, they will run into problems. If the internet is interrupted, they will have to re-scan. For us, we had some issues and had to reconfigure part of the scan. I'm not sure if the bandwidth of the internet was an issue on our side (in the office) or if something was happening with Rapid7. 

What do I think about the scalability of the solution?

It's quite easy to scale up for businesses that need to grow out the product. Users can just buy more licenses. It's quite easy, but of course, it will cost more. That would be the only prohibitive factor for some people or companies.

How are customer service and technical support?

We would sometimes need to reach out to technical support. This was only in instances when the product would crash or come down. Overall, I can say they were pretty good. We didn't have any issues with them and always found them helpful.

Which solution did I use previously and why did I switch?

We haven't used a similar product to Rapid7. This was our first time using this type of technology, so we have nothing to compare it to.

How was the initial setup?

The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset.

One or two people handled the deployment process. You don't need too many people or too many work hours to get everything up and running.

What about the implementation team?

We didn't need any outside help. Our company is quite technical and we have an IT engineer as part of the team. We have the knowledge in-house to handle implementations in general.

What's my experience with pricing, setup cost, and licensing?

We had a yearly license for a team of five or six people. I'm not sure what the cost was for Rapid7 overall as I don't handle the finances in my company.

What other advice do I have?

I'm not sure of what version of the solution we had been using at our organization previously. As of right now, the license has expired on Rapid7. We haven't been using it for about one month. It hasn't been too long since we stopped with regular usage.

We used Rapid7's cloud when we were running the program.

We had a team of about five or six people that had access to the product when we were using it.

If a company needs an effective product for web scanning, I can recommend this product. It's a great product. We found it to be quite effective in that regard. However, it did not help us to understand the web availability. This was something it lacked.

I would rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Secury Administrator at a comms service provider with 1,001-5,000 employees
Real User
It integrates well with the rest of my systems
Pros and Cons
  • "We have seen measurable decrease in the mean time to respond to threats by 20 percent."
  • "I would like more details of what the product can do."

What is our primary use case?

The primary use case is vulnerability scanning and discovering.

How has it helped my organization?

  • Visibility
  • Realization of how my systems are developed.
  • An identification of vulnerabilities.

What is most valuable?

How it integrates with the rest of my systems. I like how they have done some scanning which is reaching into my environment.

What needs improvement?

I would like more details of what the product can do.

For the new vulnerabilities and information which comes out, I would like to see them do some specific in-house application testing for companies who do their own application development.

For how long have I used the solution?

Three to five years.

How are customer service and technical support?

The technical support is very helpful. I have used them in the last month.

Which solution did I use previously and why did I switch?

Our previous solution was not as robust, so we needed this solution in order to achieve our goals and objectives.

How was the initial setup?

I think the initial setup was straightforward.

What about the implementation team?

We did it ourselves.

What was our ROI?

We have seen measurable decrease in the mean time to respond to threats by 20 percent.

We have seen staff productivity increase by approximately one team member.

Which other solutions did I evaluate?

We were kind of adopted into this because a sister company of ours also had this solution. Therefore, we just integrated and adopted it instead of looking for others.

What other advice do I have?

Give it a try. It exceeds my expectations, and I'm curious to see what else they can release.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Security Analyst at Millennium Technology Group
Real User
Great stable and scalable solution with a very easy templates feature
Pros and Cons
  • "The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."
  • "The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."

What is our primary use case?

To scan our Web applications.

How has it helped my organization?

Opportunity to find vulnerabilities and procedures of remediation for our web applications,

What is most valuable?

The most common attack templates are easy to access and apply. For example, the OWASP 2017 template contains up to 64 opponent techniques that we can evaluate in our applications.

What needs improvement?

I find the AppSec interface for defining scans and targets a bit confusing at first, but with practice the logic of the operation flow is understood.


For how long have I used the solution?

I have been using this solution for about four to six months.

What do I think about the stability of the solution?

We haven't had any issues about this.

What do I think about the scalability of the solution?

Because is a cloud solution, scalability is not an issue.

How are customer service and technical support?

We have not yet had experience with Insight AppSec support cases.

How was the initial setup?

The initial setup is very easy and straightforward.

What other advice do I have?


Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Rapid7 InsightAppSec Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Rapid7 InsightAppSec Report and get advice and tips from experienced pros sharing their opinions.