Rapid7 AppSpider Review

Great for scanning target sub-domains, good reporting functionality and easy to use


What is our primary use case?

We primarily use the solution for compliance control. Our clients prefer to be audited several times a year.

What is most valuable?

The reporting on the solution is very good. You can choose between pulling a full report or a brief report if you like. It will show, in each section, if it passed or failed. If you utilize the full report, you'll get an explanation as to why it passed or failed as well. For example, each PCI DSS item will be marked as N/A, Passed or Failed (with details in the full report).

The solution scans everything, including sub-domains that were not specified.

The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product.

The solution is very portable and light.

What needs improvement?

There are some reports that are not so good. They could provide scanning or compliance on some of them.

The solution is too slow. It could take a full day to scan. Competitors are much faster.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The solution is very stable because it generates its own internal data. All logs in a dedicated scan go into one local database (Microsoft Access database format), and in a separate folder, and you can go there after a year, or two, or more, and just look inside for the index.html to open the power of the analysis, drill-down, filter and report abilities that still work outside the main program.

How are customer service and technical support?

We have a well-trained employee and access to distributors, so we've never dealt with technical support directly.

Which solution did I use previously and why did I switch?

We did use a different solution, but we wanted to try this product and so far we really like it.

How was the initial setup?

The initial setup isn't too complex. It's fairly typical. However, when you need some authentication on the page, it could get difficult. Therefore, it's best if you have someone on the team who's familiar with the installation process.

What about the implementation team?

We handled the implementation ourselves. We both sell and use the solution.

What other advice do I have?

We use the on-premises deployment model. I personally prefer the on-premises version over the cloud version.

I'd recommend the solution, but only the on-premises deployment model as it's very portable and can reside on your workstation. You can use it to provide reports without having to be connected to the internet.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.