OpenText Core Application Security vs Rapid7 InsightAppSec comparison

The compared OpenText and Rapid7 solutions aren't in the same category. OpenText is ranked #14 in AS , with an average rating of 8.0, and holds a 4.3% mindshare in the category. Rapid7 is ranked #2 in DAST , with an average rating of 7.8, and holds a 11.8% mindshare. Additionally, 89% of OpenText users are willing to recommend the solution, compared to 94% of Rapid7 users who would recommend it.

OpenText Core Application S...

Read 60 OpenText Core Application Security reviews

7,934 Views
5,792 Comparison Views

89% willing to recommend

Rapid7 InsightAppSec

Read 19 Rapid7 InsightAppSec reviews

1,598 Views
368 Comparison Views

94% willing to recommend

OpenText Core Application S...

Rapid7 InsightAppSec

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between OpenText Core Application Security and Rapid7 InsightAppSec based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed OpenText Core Application Security vs. Rapid7 InsightAppSec Report (Updated: May 2022).

Buyer's Guide

OpenText Core Application Security vs. Rapid7 InsightAppSec

May 2022

Download the complete report

Helped 862,624 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

OpenText Core Application S...

Average Rating

8.0

Reviews Sentiment

7.8

Number of Reviews

Ranking in other categories

Application Security Tools (14th), Static Application Security Testing (SAST) (12th)

Rapid7 InsightAppSec

Average Rating

8.2

Reviews Sentiment

7.5

Number of Reviews

Ranking in other categories

Dynamic Application Security Testing (DAST) (2nd)

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. OpenText Core Application Security is designed for Application Security Tools and holds a mindshare of 4.3%, down 5.1% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 11.8% mindshare, down 12.6% since last year.

Application Security Tools

Dynamic Application Security Testing (DAST)

Featured Reviews

Jonathan Steyn

Principal Technical Consultant at EOH

Source code analyzer, FPR file generation, reduction of false positives and generates compliance reports, for in-depth analysis

Not challenges with the product itself. The product is very reliable. It does have a steep learning curve. But, again, one thing that Fortify or OpenText does very well is training. There are a lot of free resources and training in the community forums, free training as well as commercial training where users can train on how to use the back-end systems and the scanning engines and how to use command-line arguments because some of the procedures or some of the tools do require a bit of a learning curve. That's the only challenge I've really seen for customers because you have to learn how to use the tool effectively. But Fortify has, in fact, improved its user interface and the way users engage the dashboards and the interfaces. It is intuitive. It's easy to understand. But in some regards, the cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions. But from the point of the reliability index and how powerful the tool is, there's no challenge there. But it's just from a learning perspective; users might need a bit more skill to use the tool. The user interface isn't that tedious. It's not that difficult to understand. When I initially learned how to use the interfaces, I was able to master it within a week and was able to use it quite effectively. So training is required. All skills are needed to learn how to use the tool. I would like to see more enhancements in the dashboards. Dashboards are available. They do need some configuration and settings. But I would like to see more business intelligence capabilities within the tool. It's not particularly a cybersecurity function, but, for instance, business impact analysis or other features where you can actually use business intelligence capabilities within your security tool. That would be remarkable because not only do you have a cybersecurity tool, but you also have a tool that can give you business impact analysis and some other measurements. A bit more intelligence in terms of that from a cybersecurity perspective would be remarkable.

Read full review

Shritam Bhowmick

Vulnerability Management Lead at garrett

Provides reliable applications security but needs better integration options

There are areas for improvements regarding false positives. Integration capabilities are lacking, as options for integrations with other tools such as SNOW, Jira, or other integration tools are not sufficient in Rapid7 InsightAppSec. The user interface sometimes has glitches, which may prevent appropriate results during navigation, and even when we get appropriate results, it can be impossible to export them to CSV records or download files. Regarding scalability, Rapid7 InsightAppSec is not a scalable solution for our industry due to limited integration capabilities. Rapid7 relies on another tool called InsightConnect, which requires additional investment, detracting from scalability. Another area that needs improvement is the integration of AI capabilities into the platform. Both Rapid7 InsightAppSec and InsightVM need to advance in that area. In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives. This necessitates improvement in their behavioral-based analytics feature.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"This product is top-notch solution and the technology is the best on the market."

"I do not remember any issues with stability."

"The solution is user-friendly. One feature I find very effective is the tool's automatic scanning capability. It scans replicas of the code developers write and automatically detects any vulnerabilities. The integration with CI/CD tools is also useful for plugins."

"Speed and efficiency are great features."

"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."

"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."

"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."

"The SAST feature is the most valuable."

More OpenText Core Application Security pros

"The automatic automation of the automated authorization to the SCANNET environment is valuable."

"When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports."

"In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions."

"The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset."

"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."

"The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application."

"I would rate the technical support from Rapid7 a ten, indicating high-quality support."

"It is a very robust solution."

More Rapid7 InsightAppSec pros

Cons

"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."

"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."

"There is room for improvement in the integration process."

"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."

"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."

"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."

"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."

"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."

More OpenText Core Application Security cons

"I required a solution to manage on-premises, but I was not as satisfied as expected."

"Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version."

"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."

"There is room for improvement in the response time of customer service and support levels."

"The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations."

"We'd like to see integrations with WAF solutions."

"Rapid7 InsightAppSec needs improvement in detecting phishing pages."

"The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec."

More Rapid7 InsightAppSec cons

Pricing and Cost Advice

"Their subscriptions could use a little bit of a reworking, but I am very happy with what they're able to provide."

"There are different costs for Micro Focus Fortify on Demand depending on the assessments you want to use. There is only a standard license needed to use the solution."

"I'd rate it an eight out of ten in terms of pricing."

"If I exceed one million lines of code, there might be an extra cost or a change in the pricing bracket."

"The pricing model it's based on how many applications you wish to scan."

"The solution is expensive and the price could be reduced."

"Fortify on Demand is more expensive than Burpsuite. I rate its pricing a nine out of ten."

"We are still using the trial version at this point but I can already see from the trial version alone that it is a good product. For others, I would say that Fortify on Demand might look expensive at the beginning, but it is very powerful and so you shouldn't be put off by the price."

More OpenText Core Application Security pricing and cost advice

"The price of this product is very cheap."

"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."

"Rapid7 InsightAppSec is cheap."

"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."

"I'm not sure how much it costs exactly, but I know it's expensive."

"Its price is competitive. It is not expensive."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

862,624 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

19%

Manufacturing Company

15%

Computer Software Company

11%

Government

Computer Software Company

16%

Financial Services Firm

15%

Manufacturing Company

13%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Micro Focus Fortify on Demand?

It helps deploy and track changes easily as per time-to-time market upgrades.

See all answers

What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?

In comparison with other tools, they're competitive. It is not more expensive than other solutions, but their pricing is competitive. The licenses for Fortify On Demand are generally bought in unit...

See all answers

What needs improvement with Micro Focus Fortify on Demand?

There are frequent complaints about false positives from Fortify. One day it may pass a scan with no issues, and the next day, without any code changes, it will report vulnerabilities such as passw...

See all answers

What do you like most about Rapid7 InsightAppSec?

In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to p...

See all answers

What needs improvement with Rapid7 InsightAppSec?

See all answers

What is your primary use case for Rapid7 InsightAppSec?

Our main use case for Rapid7 InsightAppSec is to perform internal assessment of applications and external facing applications. We have a cloud engine plus on-premises engine, and we have been lever...

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs OpenText Core Application Security

Compared 17% of the time

Checkmarx One vs OpenText Core Application Security

Compared 12% of the time

Coverity vs OpenText Core Application Security

Compared 11% of the time

Veracode vs OpenText Core Application Security

Compared 11% of the time

GitHub Advanced Security vs OpenText Core Application Security

Compared 8% of the time

More OpenText Core Application Security Competitors

Rapid7 AppSpider vs Rapid7 InsightAppSec

Compared 31% of the time

PortSwigger Burp Suite Professional vs Rapid7 InsightAppSec

Compared 14% of the time

OWASP Zap vs Rapid7 InsightAppSec

Compared 11% of the time

Acunetix vs Rapid7 InsightAppSec

Compared 9% of the time

Invicti vs Rapid7 InsightAppSec

Compared 8% of the time

More Rapid7 InsightAppSec Competitors

Product Reports

Buyer's Guide

OpenText Core Application Security

July 2025

OpenText Core Application Security report

Download OpenText Core Application Security product report

Buyer's Guide

Rapid7 InsightAppSec

July 2025

Download Rapid7 InsightAppSec product report

Also Known As

Micro Focus Fortify on Demand

InsightAppSec

Overview

OpenText Core Application Security offers robust features like static and dynamic scanning, real-time vulnerability tracking, and seamless integration with development platforms, designed to enhance code security and reduce operational costs.

OpenText Core Application Security is a cloud-based, on-demand service providing accurate and deep scanning capabilities with detailed reporting. Its integrations with development platforms ensure an enhanced security layer in the development lifecycle, benefiting users by lowering operational costs and facilitating efficient remediation. The platform addresses needs for intuitive interfaces, API support, and comprehensive vulnerability assessments, helping improve code security and accelerate time-to-market. Despite its strengths, challenges exist around false positives, report clarity, and language support, alongside confusing pricing and package options. Enhancements are sought in areas like CI/CD pipeline configuration, report visualization, scan times, and integration with third-party tools such as GitLab, container scanning, and software composition analysis.

What features define OpenText Core Application Security?

Static and Dynamic Scanning: Offers thorough analysis to identify vulnerabilities during development.
Real-time Vulnerability Tracking: Continuously updates and monitors potential security threats.
Seamless Development Platform Integration: Enhances security processes without disrupting workflows.
Cloud-Based Service: Provides flexible, on-demand security capabilities with accurate results.
API Support: Allows smooth integration and automation within existing systems.

What benefits should users look for in reviews?

Reduced Operational Costs: Optimizes resources by lowering costs associated with security management.
Efficient Remediation: Speeds up the process of identifying and resolving vulnerabilities.
Enhanced Code Security: Strengthens overall application security during the development lifecycle.
Accelerated Time-to-Market: Streamlines development stages by integrating essential security tools.

Industries like mobile applications, e-commerce, and banking leverage OpenText Core Application Security for its ability to identify vulnerabilities such as SQL injections. Integrating seamlessly with DevSecOps and security auditing processes, this tool supports developers in writing safer code, ensuring secure application deployment and enhancing software assurance.

OpenText

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Rapid7

Sample Customers

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Buyer's Guide

OpenText Core Application Security vs. Rapid7 InsightAppSec

May 2022

Free Report: OpenText Core Application Security vs. Rapid7 InsightAppSec

Find out what your peers are saying about OpenText Core Application Security vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.

DOWNLOAD NOW

862,624 professionals have used our research since 2012.

See our OpenText Core Application Security vs. Rapid7 InsightAppSec report.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.