What is our primary use case?
We use this solution for web application security testing. The Rapid7 AppSpider solution deployment project has come to address an organizational need that complies with the ISO27001 standard, with the integration of the solution in the vulnerability management processes as well as the change management process in its audit phase before going into production.
All of our solutions are on-premises because our regulatory requirements state that they must be in order to comply with security. They do not want data to be available on the cloud in different parts of the world, so it must not leave the country.
What is most valuable?
The most valuable feature is the reporting, which is compliant with international standards. This solution will notify us about different RPGs, including the critical ones, and can report on risk or measure risk. Once we have this information then we can relay it to our internal developers.
This solution performs well and is very efficient.
What needs improvement?
The price of this solution is a little bit expensive. The average cost is still good for us because our budget is more open to security solutions. We need twenty-four-hour security because we are a bank.
For how long have I used the solution?
We have been using this solution for six months.
What do I think about the stability of the solution?
In terms of stability, this is a very good solution.
What do I think about the scalability of the solution?
This is a scalable solution.
How are customer service and technical support?
The technical support for this solution is responsive.
Which solution did I use previously and why did I switch?
I have used Nessus in the past, and the performance of Rapid7 is better.
How was the initial setup?
The initial setup of this solution is not complex, and it is easy to implement.
We needed to install the virtual machine and the virtual service, which is recommended by Rapid7. The deployment took approximately one week. After this, integrating all of our applications took approximately one month.
Two people are required for maintenance. There is me, and then my backup when I am not available.
What about the implementation team?
We have an integrator that assisted us with the implementation. Their name is Nevo Technologies and they are in Morocco, with headquarters in the US.
Three engineers worked on the deployment.
Which other solutions did I evaluate?
We did not evaluate other options before choosing this solution.
What other advice do I have?
This solution is a leader in the industry.
The reporting is really important for us. We are certified and we are compliant.
We needed both AppSpider and Nexpose to complete our requirements. It also has another useful module called Metasploit.
My advice is that everybody should try this solution. It's excellent.
I would rate this solution a ten out of ten.