What is our primary use case?
We are a distributor for Rapid7 and AppSpider is one of the products that we implement for our clients.
It does a scan that performs about 100 checks on web applications and produces a clear report on all of the vulnerabilities that are found. It is a dynamic scanner.
What is most valuable?
The reporting is very nice. There are many different reports, and they include remediation details such as links to where you can find patches.
It is really accurate and the rate of false positives is very low.
It can be integrated with the software development life cycle, which our customers have found very useful. It also integrates with Jira and other ticketing solutions.
What needs improvement?
With AppSpider, you can scan only one application at a time. If you have AppSpider Enterprise then you can connect one or two more scanners and scan multiple applications at one time.
Support response times are slow and can be improved.
For how long have I used the solution?
I have been working with Rapid7 AppSpider for a month or two.
What do I think about the stability of the solution?
AppSpider is pretty stable.
Which solution did I use previously and why did I switch?
I have tried a couple of open-source solutions like Burp Suite, but nothing that is in competition with AppSpider.
How was the initial setup?
The initial setup is pretty straightforward. If the user has a Windows machine then they just download the file and press Next several times. That's it. The deployment will take perhaps 20 minutes, although if there are network issues then it might take up to an hour.
We deploy AppSpider on a laptop and it is easier that way because you can take it in and out of the domain. You can connect with the web apps where they are.
What's my experience with pricing, setup cost, and licensing?
It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once.
What other advice do I have?
My advice to anybody who is considering this solution is that there are other products out there, and everyone has their own requirements. If AppSpider meets the requirements then it is a great one to implement.
I would rate this solution an eight out of ten.