What is our primary use case?
We use Rapid7 for application security. We use it ourselves and we also provide services for our customers. The primary use is for checking security assessments of web applications. If you need code scanning or API integration, then AppSec provides these options.
What is most valuable?
This product is easy to use.
It uses a signature-based method to check for problems with your code and will provide an alert if anything is found. It will also give recommendations as to how to fix the issues.
What needs improvement?
The performance can be improved.
I would like a facility to monitor applications after they have been scanned. For example, when new programming is done, an application should be scanned again because sometimes they add a lot of pages, and that can affect it. The application should be monitored to protect you from future attacks or mistakes made by the developer team.
In the future, if they could have integration with a lot of ticketing systems, it would be amazing. This would mean that if you're using any ticketing system, then because the application is already integrated with it, if there's an issue with the web application, it will automatically open a support ticket for the development team.
For how long have I used the solution?
I have been working with Rapid7 InsightAppSec for two years.
What do I think about the stability of the solution?
I have not had any trouble with bugs or glitches.
What do I think about the scalability of the solution?
How are customer service and technical support?
The technical support is amazing. I have been in contact with the local office in Dubai, and they are very good.
How was the initial setup?
It is a cloud-based solution so the initial setup is very simple.
You have an account, so you add the website to the application, and you should add your own website so that it has the authorization to scan your whole application.
What's my experience with pricing, setup cost, and licensing?
The price of this product is very cheap. A trial version is available for 60 days, where the reports and problem fixes are available for free.
What other advice do I have?
This is a product that I recommend, and my advice for anybody who is interested in trying it is that there is a free 60-day trial period where they will fix your problems without any payment. That will give you the opportunity to experiment with and gain experience scanning web applications.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?