To scan our web applications.
Great stable and scalable solution with a very easy templates feature
Pros and Cons
- "The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."
- "The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."
What is our primary use case?
How has it helped my organization?
Opportunity to find vulnerabilities and procedures of remediation for our web applications.
What is most valuable?
The most common attack templates are easy to access and apply. For example, the OWASP 2017 template contains up to 64 opponent techniques that we can evaluate in our applications.
What needs improvement?
I find the AppSec interface for defining scans and targets a bit confusing at first, but with practice the logic of the operation flow is understood.
Buyer's Guide
Rapid7 InsightAppSec
April 2025

Learn what your peers think about Rapid7 InsightAppSec. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,190 professionals have used our research since 2012.
For how long have I used the solution?
I have been using this solution for about four to six months.
What do I think about the stability of the solution?
We haven't had any issues about this.
What do I think about the scalability of the solution?
Because it is a cloud solution, scalability is not an issue.
How are customer service and support?
We have not yet had experience with Insight AppSec support cases.
How was the initial setup?
The initial setup is very easy and straightforward.
What other advice do I have?
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Security Administrator at a comms service provider with 1,001-5,000 employees
It integrates well with the rest of my systems
Pros and Cons
- "We have seen a measurable decrease in the mean time to respond to threats by 20 percent."
- "I would like more details of what the product can do."
What is our primary use case?
The primary use case is vulnerability scanning and discovering.
How has it helped my organization?
- Visibility
- Realization of how my systems are developed.
- An identification of vulnerabilities.
What is most valuable?
How it integrates with the rest of my systems. I like how they have done some scanning which is reaching into my environment.
What needs improvement?
I would like more details of what the product can do.
For the new vulnerabilities and information which comes out, I would like to see them do some specific in-house application testing for companies who do their own application development.
For how long have I used the solution?
Three to five years.
How are customer service and technical support?
The technical support is very helpful. I have used them in the last month.
Which solution did I use previously and why did I switch?
Our previous solution was not as robust, so we needed this solution in order to achieve our goals and objectives.
How was the initial setup?
I think the initial setup was straightforward.
What about the implementation team?
We did it ourselves.
What was our ROI?
We have seen a measurable decrease in the mean time to respond to threats by 20 percent.
We have seen staff productivity increase by approximately one team member.
Which other solutions did I evaluate?
We were kind of adopted into this because a sister company of ours also had this solution. Therefore, we just integrated and adopted it instead of looking for others.
What other advice do I have?
Give it a try. It exceeds my expectations, and I'm curious to see what else they can release.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
