Rapid7 InsightAppSec Reviews

We use it as a web application scanner. It runs a ton of different detections and tests against our web applications and provides us with results. It connects directly with our SDLC for an API. We can automate the scanning of a web application during the development process when it changes from development to test and test to production.

I like that the product allows us to have an internal and external scanner. We can authenticate scans and pick and choose which attacks we want to use. It is a very robust solution.

The number of web applications we can scan is limited. There's a cost associated with how many web apps we want to scan.

I have been using the solution for a year.

I have not had any issues. For over a year, the tool has not been down.

The tool is completely cloud-based. So, the scalability is fine for external scanning. For internal scanning, we must create another scanner on our internal network. We can scale it at mass.

The support is great. The problem with the support team is that it does not have a calling number. The best way to get a hold of the support team is by contacting the customer success manager and getting somebody in the support team. We could open a ticket, but we cannot call. Sometimes, I want to be able to just call somebody. I don't want to put a ticket in and wait for a response. The support team is responsive.

Neutral

We used Qualys before. Rapid7 is better than Qualys.

The initial setup is quite simple. I rate the ease of setup a nine out of ten. We can just connect to the web application and access our site. We can get it up and running within 20 minutes.

The solution does not require maintenance since it is SaaS-based.

Rapid7 just came out with a new package called Cloud Risk Complete, which gives us unlimited insight into scanning and unlimited AppSec scanning. It also gives us InsightCloudSec.

The product can do everything. We are struggling to get our DevOps team to commit to utilizing our web application scanners. We are siloed with it.

Overall, I rate the product an eight out of ten.

They have you using this for your endpoint assets with AppSec, and inside AppSec there's a feature connected to all the applications, so you can check for vulnerability and it'll give you information about the event, a description, and location.

We have weekly scans going within Rapid7, and it's really seamless.

The most valuable feature of this solution is the graphical interface. It's pretty good, I would rate it a four out of five. Because even, for example, to go and find how to reach your support, let's say you have a ticket, or you want to open for discussion, or you have a question or there's something wrong and you have to create a ticket. 

But even to create the ticket, it's not really seamless to find because they have changed their website around. But besides that, it's pretty easy, 

I would say four out of five, like I said, to kind of go around their app. It's not too, too difficult, but it's not the easiest.

The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec. 

You can prepare a report, for example, but even inside the report, you must have some knowledge of Rapid7 and know how to explore certain vulnerabilities.

Out of five, I would rate Rapid7 a 3.5.

I have been working with Rapid7 InsightAppSec for five years.

Rapid7 InsightAppSec is quite stable. There are no outages.

It is one of the popular players.

Even with their support, I feel like their support is lacking. I don't think it's much support as compared to other tools. 

You create a ticket, and it appears that you are deciding when the engineers will work with me. I feel like the customer has to push to get that quality service from them.

I did not originally set it up. 

All of the projects that I have had with Rapid7 have already had it set up in that environment, but I believe once it's set up, they work with you to get it set up in your environment. That is my understanding.

I'm not sure how much it costs exactly, but I know it's expensive.

I would absolutely suggest that you Google, Rapid7 competitors, you will probably find another tool that is a little bit cheaper and has the same features and capabilities.

I would rate Rapid7 InsightAppSec an eight out of ten.

We use Rapid7 InsightAppSec to fetch the vulnerabilities in the web application. We can get insights on missing codes in the configurations as well.

The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application.

The product’s pricing could be flexible compared to Acronis.

We have been using Rapid7 InsightAppSec for seven months.

I rate the product’s stability an eight out of ten. Some functions could be included in the essential version rather than the advanced version.

It is a scalable platform. It is suitable for medium and large enterprises.

The initial setup is simple. It is deployed in cloud and hybrid environments.

I rate Rapid7 InsightAppSec’s pricing an eight out of ten.

I rate Rapid7 InsightAppSec a nine out of ten.

We use the solution for testing before deployment on customers and looking for some issues when customers need to verify the problem with using that product. Basically, it's for testing before deployment. 

AppSec is a Software as a Service. So we don't need to upgrade it.

It is easy to use and deploy to the customer.

The recorder for the login sequence to the customer application is great.

The solution is stable.

It is very easy to scale. Users can expand it if they need to.

We'd like to see integrations with WAF solutions. That could be improved. 

Rapid7 has a new solution to test a secure application and integrate with the secure application, however, sometimes, our customer has a Web Application Firewall externally.

I've been using the solution for three years. I've used it for a while now. 

The stability has been very good. I would rate it five out of five in terms of reliability. It doesn't crash or freeze. There are no bugs or glitches. The performance is good. 

It's quite simple to scale the product. You just have to define a new application, and that's all. I'd rate it five out of five in terms of ease of deployment. 

Three of us are using the solution right now. 

Technical support has been very helpful and responsive. We are satisfied with their level of support.

Positive

The initial setup is very straightforward and simple. It's not a complex process. 

We only need three people to deploy the solution.

The process only takes a few days. It depends on the number of secured applications of the customer. When the customer has a small setup, it's faster.  

We only need one or maybe two people to maintain the solution. 

We provide deployments for customers. We can handle implementations. 

I'm on the technical side and therefore do not directly deal with costs or licensing. I'm not sure how much we pay or what the licensing agreement is.

We're a partner. 

We support our customers with products from Rapid7 and Tenable. We provide support to our clients.

I'd rate the solution nine out of ten. 

We use the product for dynamic application security testing. 

It is very convenient to get reports from the tool, which offers high-level environmental statistics. 

We get a lot of false positives during the tests. 

Rapid7 InsightAppSec's scalability is good. 

You will get good support if you pay for good licensing options. It depends on the vendors. 

Neutral

The tool's deployment is straightforward. 

I rate Rapid7 InsightAppSec a seven out of ten. 

We are using it to scan code. We have developers who write a lot of web applications. We use InsightAppSec to scan them. When an application is running, it goes through the application and identifies any faults.

It's very easy to use and user-friendly. It does the job.

They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity.

I've been using it for almost a year.

It's very stable. There are no challenges.

It's scalable. In terms of its usage, we just have one license, which is being used by a developing team with 20 developers. We don't need to have a lot of licenses. Once the code is done, we need to just put it in a common place and then scan it. So, we have just one license for it.

They're very knowledgeable. They respond fast. They were able to help me. I would rate them a five out of five.

Positive

I've used HCL AppScan. AppScan does a lot more. It looks at static analysis. It looks at the code when it's not being executed and when it's executing. It also looks at interactivity. The only problem with AppScan is that it's a bit expensive because, for each scan, you need to pay. You need to get a license for each scan. So, every time I scan, it becomes a bit more expensive. That's the only reason why we went with InsightAppSec.

It's straightforward. I would rate its setup a five out of five in terms of ease.

Its price is competitive. It is not expensive.

You need to understand its capabilities. It has good capabilities, but its capabilities and features can be improved. 

I would rate it an eight out of ten. 

We primarily used the solution to help us with analysis on our customer website. We also used it for our internal website in order to check security.

The way the solution arranged the web scanning was the most valuable aspect for us.

The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions. 

The solution needs to have a softcore scan or scan that integrates better with the content.

In total, I've used the solution for about one year.

The solution is stable. It's good in terms of stability. That's not really any cause for concern. For users, if the internet connection becomes an issue, they will run into problems. If the internet is interrupted, they will have to re-scan. For us, we had some issues and had to reconfigure part of the scan. I'm not sure if the bandwidth of the internet was an issue on our side (in the office) or if something was happening with Rapid7. 

It's quite easy to scale up for businesses that need to grow out the product. Users can just buy more licenses. It's quite easy, but of course, it will cost more. That would be the only prohibitive factor for some people or companies.

We would sometimes need to reach out to technical support. This was only in instances when the product would crash or come down. Overall, I can say they were pretty good. We didn't have any issues with them and always found them helpful.

We haven't used a similar product to Rapid7. This was our first time using this type of technology, so we have nothing to compare it to.

The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset.

One or two people handled the deployment process. You don't need too many people or too many work hours to get everything up and running.

We didn't need any outside help. Our company is quite technical and we have an IT engineer as part of the team. We have the knowledge in-house to handle implementations in general.

We had a yearly license for a team of five or six people. I'm not sure what the cost was for Rapid7 overall as I don't handle the finances in my company.

I'm not sure of what version of the solution we had been using at our organization previously. As of right now, the license has expired on Rapid7. We haven't been using it for about one month. It hasn't been too long since we stopped with regular usage.

We used Rapid7's cloud when we were running the program.

We had a team of about five or six people that had access to the product when we were using it.

If a company needs an effective product for web scanning, I can recommend this product. It's a great product. We found it to be quite effective in that regard. However, it did not help us to understand the web availability. This was something it lacked.

I would rate the solution eight out of ten.

We use Rapid7 for application security. We use it ourselves and we also provide services for our customers. The primary use is for checking security assessments of web applications. If you need code scanning or API integration, then AppSec provides these options.

This product is easy to use.

It uses a signature-based method to check for problems with your code and will provide an alert if anything is found. It will also give recommendations as to how to fix the issues.

The performance can be improved.

I would like a facility to monitor applications after they have been scanned. For example, when new programming is done, an application should be scanned again because sometimes they add a lot of pages and can affect it. The application should be monitored to protect you from future attacks or mistakes made by the developer team.

In the future, if they can have integration with a lot of ticketing systems then it would be amazing. This would mean that if you're using any ticketing system, then because the application is already integrated with it, and if there's an issue with the web application, it will automatically open a support ticket for the development team.

I have been working with Rapid7 InsightAppSec for two years.

I have not had any trouble with bugs or glitches.

The scalability is good.

The technical support is amazing. I have been in contact with the local office in Dubai, and they are very good.

It is a cloud-based solution so the initial setup is very simple.

You have an account, so you add the website to the application, and you should add your own website so that it has the authorization to scan your whole application.

The price of this product is very cheap. A trial version is available for 60 days, where the reports and problem fixes are available for free.

This is a product that I recommend and my advice for anybody who is interested in trying it, there is a free 60-day trial period where they will fix your problems without any payment. That will give you the opportunity to experiment with and gain experience scanning web applications.

I would rate this solution a ten out of ten.