We performed a comparison between Rapid7 InsightAppSec and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."
"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."
"It is very convenient to get reports from the tool, which offers high-level environmental statistics."
"The most valuable feature of this solution is the graphical interface."
"The solution is stable."
"We have seen measurable decrease in the mean time to respond to threats by 20 percent."
"It's very easy to use and user-friendly. It does the job."
"The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."
"Ad-hoc scanning during the development cycle and reports for audits are valuable features."
"Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes."
"The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful."
"For our rapid, secure DevOps cycle, we have integration of the Veracode API into our build tool, and Greenlight into our IDE."
"With the tools that Veracode provides, our developers are actually able to comprehend what the vulnerability was and then resolve it. So a lot of knowledge has been grown as a result, around security, with our developers."
"Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations have particularly increased our time to market and confidence."
"The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."
"Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool."
"The number of web applications we can scan is limited."
"We get a lot of false positives during the tests."
"The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec."
"The product’s pricing could be flexible."
"We'd like to see integrations with WAF solutions."
"In the future, if they can have integration with a lot of ticketing systems then it would be amazing."
"Rapid7 InsightAppSec needs improvement in detecting phishing pages."
"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."
"Veracode should provide more flexibility in its pricing and licensing modules so that it could be more affordable for all types of projects and not only for very active mission-critical projects."
"There should be more APIs, especially in SCA, to get some results or automate some things."
"The negative that I found is that it has a subscription-based model."
"The interface is basic and has room for improvement."
"The Greenlight product that integrates into the IDE is not available for PHP, which is our primary language."
"Veracode's ease of use could be improved. I would also like to see more online videos and tutorials that could help us understand the product better. It would also be helpful if Veracode created a certification program for DevSecOps staff to learn about their product and get certified. This kind of training would raise the company's profile within the industry."
"One area for improvement is the navigation in the UI. For junior developers or newcomers to the team, it can be confusing. The UI doesn't clearly bundle together certain elements associated with a scan. While running a scan, there are various aspects linked to it, but in the UI, they appear separate. It would be beneficial if they could redesign the UI to make it more intuitive for users."
"The zip file scanning has room for improvement."
Rapid7 InsightAppSec is ranked 3rd in Dynamic Application Security Testing (DAST) with 12 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Rapid7 InsightAppSec is rated 8.6, while Veracode is rated 8.2. The top reviewer of Rapid7 InsightAppSec writes "A highly scalable and robust product that enables users to automate scans". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Rapid7 InsightAppSec is most compared with Rapid7 AppSpider, OWASP Zap, PortSwigger Burp Suite Professional, Fortify WebInspect and Invicti, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Rapid7 InsightAppSec vs. Veracode report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.