What is our primary use case?
My primary use case for Rapid7 Penetration Testing Services is the vulnerability database, which is mainly useful for making correlations when it comes to vulnerabilities that are found through a Nessus or OpenGL scan, for example. You can go and search up CVEs, which are the identifiers for vulnerabilities, and they'll specify for you whether or not there are exploits available essentially for those vulnerabilities and what those exploits might look like.
What is most valuable?
Rapid7's wide range of coverage, in terms of vulnerabilities and exploits linked to vulnerabilities, is its most valuable feature. It is a pretty large database. I have not found issues basically with finding exploits related to vulnerabilities making use of the database. It seems like they have a pretty good amount of information in regards to the industry standard.
What needs improvement?
A useful improvement would be to have white papers for specific vulnerabilities readily available. It seems like they are not always linked when you are looking for a vulnerability identifier in the database. It would be useful to ensure that that information is readily available. That way, if you need to dive deeper into a vulnerability, you would have the capability to do so basically right there on the website.
For how long have I used the solution?
I have been using Rapid7 Penetration Testing Services for eight months.
What do I think about the stability of the solution?
I have not had any issues with availability or anything like that. It seems to work fairly smoothly.
What do I think about the scalability of the solution?
I cannot comment on the scalability because I have not had to set the database up myself. I am not sure how many users they get on a daily basis or how that affects their load balancing, etc.
Which solution did I use previously and why did I switch?
We use multiple databases based on what our needs are. If one database doesn't have information on a vulnerability, then we'll check another one. In addition to Rapid7, we also use Offensive Security and others.
How was the initial setup?
The initial setup is very straightforward. This is not a tool that you have to set up yourself. All you have to do is just access their web-based vulnerability database application, which is open source and available to pretty much anyone.
What's my experience with pricing, setup cost, and licensing?
Rapid7 Penetration Testing Services is free. It is open source.
What other advice do I have?
My advice is: make sure that you have the CVE number linked to whatever vulnerability it is you are trying to search up. You will typically be able to find documentation on it based on that CVE.

