Please share with the community what you think needs improvement with Rapid7 InsightAppSec.
What are its weaknesses? What would you like to see changed in a future version?
The performance can be improved. I would like a facility to monitor applications after they have been scanned. For example, when new programming is done, an application should be scanned again because sometimes they add a lot of pages and can affect it. The application should be monitored to protect you from future attacks or mistakes made by the developer team. In the future, if they can have integration with a lot of ticketing systems then it would be amazing. This would mean that if you're using any ticketing system, then because the application is already integrated with it, and if there's an issue with the web application, it will automatically open a support ticket for the development team.
I find the AppSec interface for defining scans and targets a bit confusing at first, but with practice the logic of the operation flow is understood.
The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user-friendly or offer better instructions. The solution needs to have a softcore scan or scan that integrates better with the content.
I would like more details of what the product can do. For the new vulnerabilities and information which comes out, I would like to see them do some specific in-house application testing for companies who do their own application development.