Rapid7 InsightAppSec Review

Excellent web scanning, good technical support, but lacks decent reporting

What is our primary use case?

We primarily used the solution to help us with analysis on our customer website. We also used it for our internal website in order to check security.

What is most valuable?

The way the solution arranged the web scanning was the most valuable aspect for us.

What needs improvement?

The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions. 

The solution needs to have a softcore scan or scan that integrates better with the content.

For how long have I used the solution?

In total, I've used the solution for about one year.

What do I think about the stability of the solution?

The solution is stable. It's good in terms of stability. That's not really any cause for concern. For users, if the internet connection becomes an issue, they will run into problems. If the internet is interrupted, they will have to re-scan. For us, we had some issues and had to reconfigure part of the scan. I'm not sure if the bandwidth of the internet was an issue on our side (in the office) or if something was happening with Rapid7. 

What do I think about the scalability of the solution?

It's quite easy to scale up for businesses that need to grow out the product. Users can just buy more licenses. It's quite easy, but of course, it will cost more. That would be the only prohibitive factor for some people or companies.

How are customer service and technical support?

We would sometimes need to reach out to technical support. This was only in instances when the product would crash or come down. Overall, I can say they were pretty good. We didn't have any issues with them and always found them helpful.

Which solution did I use previously and why did I switch?

We haven't used a similar product to Rapid7. This was our first time using this type of technology, so we have nothing to compare it to.

How was the initial setup?

The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset.

One or two people handled the deployment process. You don't need too many people or too many work hours to get everything up and running.

What about the implementation team?

We didn't need any outside help. Our company is quite technical and we have an IT engineer as part of the team. We have the knowledge in-house to handle implementations in general.

What's my experience with pricing, setup cost, and licensing?

We had a yearly license for a team of five or six people. I'm not sure what the cost was for Rapid7 overall as I don't handle the finances in my company.

What other advice do I have?

I'm not sure of what version of the solution we had been using at our organization previously. As of right now, the license has expired on Rapid7. We haven't been using it for about one month. It hasn't been too long since we stopped with regular usage.

We used Rapid7's cloud when we were running the program.

We had a team of about five or six people that had access to the product when we were using it.

If a company needs an effective product for web scanning, I can recommend this product. It's a great product. We found it to be quite effective in that regard. However, it did not help us to understand the web availability. This was something it lacked.

I would rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about Rapid7, OWASP, Veracode and others in Application Security Testing (AST). Updated: June 2021.
512,711 professionals have used our research since 2012.
Add a Comment
ITCS user