Senior Cybersecurity Solutions Engineer at Trillium Information Security Systems
Jun 7, 2024
The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications, but it should also cover mobile applications, including firmware recommendations.
Cyber Security Architect at a healthcare company with 11-50 employees
Nov 14, 2022
They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity.
We'd like to see integrations with WAF solutions. That could be improved. Rapid7 has a new solution to test a secure application and integrate with the secure application; however, sometimes our customer has a Web Application Firewall externally.
Cyber Security Lead at a printing company with 201-500 employees
Aug 17, 2022
Scanning can be better. When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved. They need to work on the user interface and management of all the projects. Their support can also be improved a little. They should also focus on a wider integration scale and end-to-end scanning.
Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
Dec 7, 2020
The performance can be improved. I would like a facility to monitor applications after they have been scanned. For example, when new programming is done, an application should be scanned again because sometimes they add a lot of pages and can affect it. The application should be monitored to protect you from future attacks or mistakes made by the developer team. In the future, if they can have integration with a lot of ticketing systems then it would be amazing. This would mean that if you're using any ticketing system, then because the application is already integrated with it, and if there's an issue with the web application, it will automatically open a support ticket for the development team.
Assistant Technical Manager at a tech services company with 1,001-5,000 employees
Jun 15, 2020
The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user-friendly or offer better instructions. The solution needs to have a softcore scan or scan that integrates better with the content.
Security Administrator at a comms service provider with 1,001-5,000 employees
Mar 11, 2019
I would like more details of what the product can do. For the new vulnerabilities and information which comes out, I would like to see them do some specific in-house application testing for companies who do their own application development.
Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other...
Rapid7 InsightAppSec needs improvement in detecting phishing pages.
We get a lot of false positives during the tests.
The product’s pricing could be flexible compared to Acronis.
The number of web applications we can scan is limited. There's a cost associated with how many web apps we want to scan.
I find the AppSec interface for defining scans and targets a bit confusing at first, but with practice the logic of the operation flow is understood.