We changed our name from IT Central Station: Here's why

Rapid7 AppSpider OverviewUNIXBusinessApplication

Rapid7 AppSpider is #16 ranked solution in AST tools. PeerSpot users give Rapid7 AppSpider an average rating of 8 out of 10. Rapid7 AppSpider is most commonly compared to Rapid7 InsightAppSec: Rapid7 AppSpider vs Rapid7 InsightAppSec. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
What is Rapid7 AppSpider?

SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

Rapid7 AppSpider was previously known as AppSpider.

Buyer's Guide

Download the Application Security Testing (AST) Buyer's Guide including reviews and more. Updated: January 2022

Rapid7 AppSpider Customers

Microsoft

Rapid7 AppSpider Video

Rapid7 AppSpider Pricing Advice

What users are saying about Rapid7 AppSpider pricing:
  • "It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
  • "The price is pretty fair."
  • Rapid7 AppSpider Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Network & Security Engineer at a tech consulting company with 11-50 employees
    Reseller
    Top 5
    Scan web applications for vulnerabilities and automate testing with various engines
    Pros and Cons
    • "When it is set up properly, it can do scanning on web apps with multiple engines automatically."
    • "AppSpider could improve in the area of integration. They need to add more integration opportunities."
    • "The enterprise interface is too simple. It should be more customizable."
    • "The tech support is responsive but issues remain unresolved."

    What is our primary use case?

    The customer that I handle right now uses AppSpider to scan web applications for vulnerabilities and application testing.  

    What is most valuable?

    For AppSpider there is more than one valuable feature. The distribution is good. With one console dashboard, we can integrate with one, two, or three different engines. When it is set up, each engine can do scanning on all of the web apps automatically.  

    The integration is also good when it is available. For example, we are using selenium to record usernames and passwords. Then we use selenium recording to automate the login and scanning of the apps. These are only two of the things that make AppSpider easy to work with.  

    What needs improvement?

    AppSpider could improve in the area of integration. They need to add more opportunities. The documentation about integration with AppSpider is bad news and some integrations are quite difficult to do right now. It would be nice if we had a simple resource where we could look up on the internet what they are set up to integrate with. Some products will not currently integrate with AppSpider.   

    The interface of the enterprise product is a bit too simple. It would be good if there were options for customizing the views more like a dashboard.  

    For how long have I used the solution?

    I do pre-sales for Rapid7 solutions and I have been doing that for around one or two years. I do not work with AppSpider day-to-day as part of my job, but I am doing presentations, POC (Proof of Concept), and I do some installations for our customers.  

    For Rapid7, I also work with InsightVM and Metasploit doing presentations, POC, and installations for customers. We are a distributor for Rapid7 products.  

    What do I think about the stability of the solution?

    Because we are only using the product during POC and testing and not using it day-to-day, we do not test the stability under higher usage. Because of that, it is hard to judge stability accurately.  

    What do I think about the scalability of the solution?

    I do not have a lot of experience with the scalability of the product. I think it is scalable because it is easy to do a distribution installation. The ability to use just one dashboard to employ more than one engine is good. I think that shows the processes are scalable.  

    Right now our clients are mostly medium enterprise businesses. We have not had the opportunity to scale to many larger organizations.  

    How are customer service and technical support?

    For InsightVM the technical support from Rapid7 has been good. If we create a ticket, we get feedback. But right now, one of our customers is a big telco in Indonesia. They are having a problem with an upgrade to Nexpose. The problem has remained unresolved for around one month already. The support only responded by saying that they will try to resolve this issue within six months. They suggested for us to upgrade to the next Nexpose already, but it still not resolved right now. Our customer is left still using the old Nexpose. It is not a good situation.  

    How was the initial setup?

    To do the installation and initial setup is easy, I think. To use the app is where you need to have an expert in using the product. Even though I have had some experience with AppSpider and I do presentations, I think I still need more time to explore the product to understand it better. 

    What other advice do I have?

    On a scale of one to ten (where one is the worst and ten is the best), I would rate Rapid7 AppSpider as a seven or eight-out-of-ten.  

    Disclosure: My company has a business relationship with this vendor other than being a customer: distributor
    Security Consultant at a tech vendor with 11-50 employees
    Consultant
    Top 10
    Good reporting and integrates well into the software development lifecycle
    Pros and Cons
    • "It is really accurate and the rate of false positives is very low."
    • "Support response times are slow and can be improved."

    What is our primary use case?

    We are a distributor for Rapid7 and AppSpider is one of the products that we implement for our clients.

    It does a scan that performs about 100 checks on web applications and produces a clear report on all of the vulnerabilities that are found. It is a dynamic scanner.

    What is most valuable?

    The reporting is very nice. There are many different reports and they include remediation details such as links as to where you can find patches.

    It is really accurate and the rate of false positives is very low.

    It can be integrated with the software development life cycle, which our customers have found very useful. It also integrates with Jira and other ticketing solutions.

    What needs improvement?

    With AppSpider, you can scan only one application at a time. If you have AppSpider Enterprise then you can connect one or two more scanners and scan multiple applications at one time.

    Support response times are slow and can be improved.

    For how long have I used the solution?

    I have been working with Rapid7 AppSpider for a month or two.

    What do I think about the stability of the solution?

    AppSpider is pretty stable.

    Which solution did I use previously and why did I switch?

    I have tried a couple of open source solutions like Burp Suite but nothing that is in competition with AppSpider.

    How was the initial setup?

    The initial setup is pretty straightforward. If the user has a Windows machine then they just download the file and press Next several times. That's it. The deployment will take perhaps 20 minutes, although if there are network issues then it might take up to an hour.

    We deploy AppSpider on a laptop and it is easier that way because you can take it in and out of the domain. You can connect with the web apps where they are.

    What's my experience with pricing, setup cost, and licensing?

    It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once.

    What other advice do I have?

    My advice to anybody who is considering this solution is that there are other products out there, and everyone has their own requirements. If AppSpider meets the requirements then it is a great one to implement.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    Find out what your peers are saying about Rapid7, Checkmarx, OWASP and others in Application Security Testing (AST). Updated: January 2022.
    563,327 professionals have used our research since 2012.
    Program Director at a financial services firm with 201-500 employees
    Real User
    Top 20
    A stable solution used for mining market insights, but the interface needs improvement

    What is our primary use case?

    We are using Rapid 7 AppSpider mainly for mining data and looking for market manipulations.

    What is most valuable?

    The most valuable feature is the ability to mine data.

    What needs improvement?

    The dashboard and interface are crucial and they need some improvement.

    For how long have I used the solution?

    I have been using Rapid7 AppSpider for two or three years.

    What do I think about the stability of the solution?

    I would say that it is stable, as I am not aware of any major issues.

    What do I think about the scalability of the solution?

    I don't know if it is scalable, as we haven't gotten to that stage yet. We are still testing it on quantities and conditions. Theoretically, yes, it's scalable. We have between 10 and 20 users.

    How are

    What is our primary use case?

    We are using Rapid 7 AppSpider mainly for mining data and looking for market manipulations.

    What is most valuable?

    The most valuable feature is the ability to mine data.

    What needs improvement?

    The dashboard and interface are crucial and they need some improvement.

    For how long have I used the solution?

    I have been using Rapid7 AppSpider for two or three years.

    What do I think about the stability of the solution?

    I would say that it is stable, as I am not aware of any major issues.

    What do I think about the scalability of the solution?

    I don't know if it is scalable, as we haven't gotten to that stage yet. We are still testing it on quantities and conditions. Theoretically, yes, it's scalable.

    We have between 10 and 20 users.

    How are customer service and technical support?

    I have not contacted technical support, nor do I know of anybody in the company who has.

    What other advice do I have?

    This is a product that I would recommend.

    I would rate this solution a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Network & Security Engineer at a tech consulting company with 11-50 employees
    Reseller
    Top 5
    scalable, good customer service, and simple install

    What is our primary use case?

    I try to have our customers to use the solution, then I review the solution, and then I help customers deploy the applications.

    What is most valuable?

    Testing the vulnerability of applications.

    What needs improvement?

    Integration could be better. For example, while doing the scanning, using the recording username and passwords, there are issues. Also, they could integrate CSED into the product which would benefit in the future.

    What do I think about the scalability of the solution?

    We have had no problems with scalability.

    How are customer service and technical support?

    Customer service has been quite good.

    How was the initial setup?

    The setup is usually straightforward.

    What about the implementation team?

    We do the deployment for our…

    What is our primary use case?

    I try to have our customers to use the solution, then I review the solution, and then I help customers deploy the applications.

    What is most valuable?

    Testing the vulnerability of applications.

    What needs improvement?

    Integration could be better. For example, while doing the scanning, using the recording username and passwords, there are issues. Also, they could integrate CSED into the product which would benefit in the future.

    What do I think about the scalability of the solution?

    We have had no problems with scalability.

    How are customer service and technical support?

    Customer service has been quite good.

    How was the initial setup?

    The setup is usually straightforward.

    What about the implementation team?

    We do the deployment for our clients.

    What's my experience with pricing, setup cost, and licensing?

    The price is pretty fair.

    What other advice do I have?

    I would recommend this product. I would give them a higher rating but they need to have more integration available. They do not have integration for GitLabs for example.  

    I rate Rapid7 AppSpider a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
    Buyer's Guide
    Download our free Application Security Testing (AST) Report and find out what your peers are saying about Rapid7, Checkmarx, OWASP, and more!