Try our new research platform with insights from 80,000+ expert users
Rapid7 InsightAppSec Logo

Rapid7 InsightAppSec Reviews

Vendor: Rapid7
4.1 out of 5
Leave a review

What is Rapid7 InsightAppSec?

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Get the Rapid7 InsightAppSec Buyer's Guide and find out what your peers are saying about Rapid7 InsightAppSec, Checkmarx One, Veracode and more!
Rapid7 InsightAppSec is the #5 ranked solution in top Dynamic Application Security Testing (DAST) solutions and #11 ranked solution in top AI Observability solutions. PeerSpot users give Rapid7 InsightAppSec an average rating of 8.2 out of 10. Rapid7 InsightAppSec is most commonly compared to Checkmarx One: Rapid7 InsightAppSec vs Checkmarx One. Rapid7 InsightAppSec is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 13% of all views.
Buyer's Guide
Rapid7 InsightAppSec
January 2026
Get the report
Helped 881,733 peers since 2012

Featured Rapid7 InsightAppSec reviews

Read more reviews

Rapid7 InsightAppSec mindshare

As of February 2026, the mindshare of Rapid7 InsightAppSec in the Dynamic Application Security Testing (DAST) category stands at 6.2%, up from 3.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Dynamic Application Security Testing (DAST) Market Share Distribution
ProductMarket Share (%)
Rapid7 InsightAppSec6.2%
Veracode18.2%
Checkmarx One17.0%
Other58.6%
Dynamic Application Security Testing (DAST)

PeerResearch reports based on Rapid7 InsightAppSec reviews

TypeTitleDate
CategoryDynamic Application Security Testing (DAST)Feb 8, 2026Download
ProductReviews, tips, and advice from real usersFeb 8, 2026Download
ComparisonRapid7 InsightAppSec vs VeracodeFeb 8, 2026Download
ComparisonRapid7 InsightAppSec vs Checkmarx OneFeb 8, 2026Download
ComparisonRapid7 InsightAppSec vs OpenText Dynamic Application Security TestingFeb 8, 2026Download
Suggested products
TitleRatingMindshareRecommending
Checkmarx One3.917.0%88%81 interviewsAdd to research
Veracode4.018.2%89%208 interviewsAdd to research
 
 
Key learnings from peers
Last updated Feb 8, 2026

Valuable Features

Rapid7 InsightAppSec excels in integration, dynamic scanning, and a user-friendly interface. It offers robust attack templates, customization options, and automation features. Users benefit from an insightful centralized dashboard, effective remediation, and versatile deployment options. The reporting feature provides accurate insights, aiding in vulnerability management. Its cloud-native platform allows flexibility in scanning, without the need for constant upgrades. Attack replay and predefined templates enhance security assessments, while comprehensive videos and documentation facilitate ease of use.
  • "Customers use the product for scanning purposes and do not want to be restricted with respect to the number of scans they perform."
  • "Rapid7 InsightAppSec is a good product for dynamic application security testing, providing neat reports that include validation actions and helping to generate web application firewall rules for web applications."
  • "The reporting functionality is excellent."

Room for Improvement

Rapid7 InsightAppSec requires enhancements in reporting, user interface, and integration with tools like Jira and SNOW. Users encounter challenges with scan configurations and performance, seeking better detection of vulnerabilities and support for mobile apps. False positives and limited customization options for reports are concerns, as is expensive pricing. Improvements in AI capabilities and behavioral analytics are desired. Scalability and response time of customer support also need attention.
  • "Customers sometimes experience issues with performance."
  • "In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives."
  • "There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages."

ROI

Users indicated that Rapid7 InsightAppSec significantly enhanced their application security. They experienced faster vulnerability detection and remediation, improved compliance, and reduced risk exposure. Time savings and streamlined processes led to better resource allocation. Enhanced security oversight and effective threat management contributed to higher confidence in their defense capabilities.

Pricing

Rapid7 InsightAppSec offers a competitive and varied pricing structure suitable for enterprise buyers, with some users finding it inexpensive while others compare it to the cost of IBM. A 60-day trial is available, providing free access to reports and problem fixes. Many see the pricing as fair and beneficial for project-based licenses, allowing flexibility in user numbers. Some rate its pricing highly, suggesting it is worth the investment.
  • "Rapid7 InsightAppSec is cheap."
  • "I rate Rapid7 InsightAppSec’s pricing an eight out of ten."
  • "I'm not sure how much it costs exactly, but I know it's expensive."

Popular Use Cases

Organizations primarily use Rapid7 InsightAppSec for vulnerability scanning and dynamic application security testing on web applications and APIs. It helps identify security risks, perform penetration testing, and create detailed reports for validation. Users leverage its capabilities for both customer-facing and internal systems, integrating it into their development processes. Though some users note limitations in integration capabilities and false positives, the platform is praised for its scan coverage and user-friendly interface.

Service and Support

Technical support from Rapid7 InsightAppSec is generally praised for being helpful and responsive. Users appreciate the knowledgeable staff and their timely assistance, although some report challenges with response times and the lack of a call option. While support is usually high-quality, feedback integration into improvements is lacking. Rapid7 InsightAppSec is known for delivering commendable support service, though regional time differences can affect support experiences. Good licensing options lead to better support experiences.

Deployment

Rapid7 InsightAppSec's initial setup is consistently described as straightforward and quick. Users report that deployment typically takes under an hour, with minimal personnel required. The cloud-based nature simplifies installation, eliminating complex steps and on-premises deployment. Comprehensive documentation aids the process, allowing users to set up independently without external assistance. However, some mention that API setup can be complex for new users, suggesting potential improvements for ease of use.

Scalability

Rapid7 InsightAppSec offers ease in scaling, particularly for medium and large enterprises, amplified by its cloud-based structure. Users can purchase additional licenses to enhance capacity, though costs could be limiting for some. Despite its general flexibility, there are challenges such as onboarding delays and integration limitations, which require InsightConnect for optimal scalability. Users rate its scalability between four to nine on a ten-point scale, highlighting some diverse experiences.

Stability

Rapid7 InsightAppSec is stable according to users. Though some report minor internet-related challenges, most do not experience bugs or outages. Planned maintenance is well-communicated. Stability ratings vary, with most users rating it between eight and ten out of ten, highlighting reliability and performance. There is a mention of false positives, but stability itself is not questioned. Users appreciate continuous improvements and enhancements in features.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Rapid7 InsightAppSec Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business11
Midsize Enterprise2
Large Enterprise5
By reviewers
By visitors reading reviews
Company SizeCount
Small Business84
Midsize Enterprise61
Large Enterprise168
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
13%
Manufacturing Company
13%
Computer Software Company
11%
Government
9%
Energy/Utilities Company
5%
Retailer
4%
Insurance Company
4%
Healthcare Company
3%
Construction Company
3%
University
3%
Real Estate/Law Firm
3%
Hospitality Company
3%
Non Profit
3%
Marketing Services Firm
2%
Performing Arts
2%
Educational Organization
2%
Media Company
2%
Wholesaler/Distributor
2%
Logistics Company
1%
Outsourcing Company
1%
Recreational Facilities/Services Company
1%
Mining And Metals Company
1%
Legal Firm
1%
Comms Service Provider
1%
Leisure / Travel Company
1%
Consumer Goods Company
1%
Pharma/Biotech Company
1%
Wellness & Fitness Company
1%
Transportation Company
1%

Compare Rapid7 InsightAppSec with alternative products

Go!

Learn more about Rapid7 InsightAppSec

Rapid7 InsightAppSec was previously known as InsightAppSec.

Rapid7 InsightAppSec customers

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Related questions

  • 12
When evaluating Dynamic Application Security Testing (DAST), what aspect do you think is the most important to look for?
  • 15
Why is Dynamic Application Security Testing (DAST) important for companies?

Product Categories

Product Categories
Dynamic Application Security Testing (DAST)
AI Observability

Popular Comparisons

Popular Comparisons
Checkmarx One vs Rapid7 InsightAppSec Logo
Checkmarx One vs Rapid7 InsightAppSec
Veracode vs Rapid7 InsightAppSec Logo
Veracode vs Rapid7 InsightAppSec
HCL AppScan vs Rapid7 InsightAppSec Logo
HCL AppScan vs Rapid7 InsightAppSec
Invicti vs Rapid7 InsightAppSec Logo
Invicti vs Rapid7 InsightAppSec
OpenText Dynamic Application Security Testing vs Rapid7 InsightAppSec Logo
OpenText Dynamic Application Security Testing vs Rapid7 InsightAppSec
PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec Logo
PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec
Continuous Dynamic (formerly WhiteHat Dynamic) vs Rapid7 InsightAppSec Logo
Continuous Dynamic (formerly WhiteHat Dynamic) vs Rapid7 InsightAppSec
AppCheck vs Rapid7 InsightAppSec Logo
AppCheck vs Rapid7 InsightAppSec
StackHawk vs Rapid7 InsightAppSec Logo
StackHawk vs Rapid7 InsightAppSec
See all alternatives
 
Rapid7 InsightAppSec Reviews Summary
Author infoRatingReview Summary
Vulnerability Management Lead at garrett3.5We use Rapid7 InsightAppSec for internal and external application security assessments. It offers strong scan coverage and reporting. However, it needs better integration, fewer false positives, and enhanced AI capabilities. Its interface and scalability require improvement. We deploy via AWS.
Head Of Cyber Security at Super Secure3.5I've worked with Rapid7 InsightAppSec for over three years and found it reliable, especially for financial institutions. Customers appreciate flexible scan scheduling, though customizable reporting could improve. Support is decent, pricing is fair, and renewals suggest satisfaction.
Manager at a financial services firm with 5,001-10,000 employees3.0I used Rapid7 InsightAppSec alongside Insight VM for managing on-premises needs but found InsightAppSec better in web-based systems. Though it offers some good features, improvements are needed in customer support, integration, and pricing. I previously used different on-premises solutions.
Works4.0We use Rapid7 InsightAppSec primarily to scan for vulnerabilities in APIs and UIs, finding the remediation feature most valuable. However, report generation could be improved by allowing additional columns and CSV exports, as PDFs are cumbersome.
Head of Infrastructure at Pearl Data Direct4.0We use Rapid7 InsightAppSec mainly for securing our Java-based applications through monthly penetration tests. It excels in realistic threat simulation but needs improvements in customizable reporting and user interface. We also use Qualys WAS for vulnerability management.
Technical Manager at a computer software company with 11-50 employees4.0No summary available
IT Security Engineer at a financial services firm with 51-200 employees4.0I use InsightAppSec to help customers with environment scans, automating authorization effectively. However, it lacks virtual patching found in AppSpyder, which delays remediation. Competitors like Acunetix and Qualys have similar offerings. Deployment utilizes other cloud providers.
Cyber Security Trainer and Programmer at Freelancer4.0I use Rapid7 InsightAppSec to identify code vulnerabilities on dynamic and e-commerce websites. It features easy setup and configuration, includes integration through a CDM, and offers valuable insights and demo sessions. However, it could improve in detecting phishing pages.