Rapid7 AppSpider Review

Scan web applications for vulnerabilities and automate testing with various engines


What is our primary use case?

The customer that I handle right now uses AppSpider to scan web applications for vulnerabilities and application testing.  

What is most valuable?

For AppSpider there is more than one valuable feature. The distribution is good. With one console dashboard, we can integrate with one, two, or three different engines. When it is set up, each engine can do scanning on all of the web apps automatically.  

The integration is also good when it is available. For example, we are using Selenium to record usernames and passwords. Then we use the Selenium recording to automate the login and scanning of the apps. These are only two of the things that make AppSpider easy to work with.

What needs improvement?

AppSpider could improve in the area of integration. They need to add more opportunities. The documentation about integration with AppSpider is bad news and some integrations are quite difficult to do right now. It would be nice if we had a simple resource where we could look up on the internet what they are set up to integrate with. Some products will not currently integrate with AppSpider.   

The interface of the enterprise product is a bit too simple. It would be good if there were options for customizing the views more like a dashboard.  

For how long have I used the solution?

I do pre-sales for Rapid7 solutions and I have been doing that for around one or two years. I do not work with AppSpider day-to-day as part of my job, but I am doing presentations, POC (Proof of Concept), and I do some installations for our customers.  

For Rapid7, I also work with InsightVM and Metasploit doing presentations, POC, and installations for customers. We are a distributor for Rapid7 products.  

What do I think about the stability of the solution?

Because we are only using the product during POC and testing and not using it day-to-day, we do not test the stability under higher usage. Because of that, it is hard to judge stability accurately.  

What do I think about the scalability of the solution?

I do not have a lot of experience with the scalability of the product. I think it is scalable because it is easy to do a distribution installation. The ability to use just one dashboard to employ more than one engine is good. I think that shows the processes are scalable.  

Right now our clients are mostly medium enterprise businesses. We have not had the opportunity to scale to many larger organizations.  

How are customer service and technical support?

For InsightVM, the technical support from Rapid7 has been good. If we create a ticket, we get feedback. But right now, one of our customers is a big telco in Indonesia. They are having a problem with an upgrade to Nexpose. The problem has remained unresolved for around one month already. The support only responded by saying that they will try to resolve this issue within six months. They suggested that we upgrade to the next Nexpose version already, but it is still not resolved right now. Our customer is left still using the old Nexpose. It is not a good situation.

How was the initial setup?

To do the installation and initial setup is easy, I think. To use the app is where you need to have an expert in using the product. Even though I have had some experience with AppSpider and I do presentations, I think I still need more time to explore the product to understand it better. 

What other advice do I have?

On a scale of one to ten (where one is the worst and ten is the best), I would rate Rapid7 AppSpider as a seven or eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: distributor.