-
Products
-
InsightIDR
User Behavior Analytics & SIEM -
InsightVM
Vulnerability Management -
InsightAppSec
Dynamic Application Security Testing -
InsightConnect
Orchestration & Automation -
InsightOps
Log Management -
Metasploit
Penetration Testing -
AppSpider
Application Security On-Premise -
tCell by Rapid7
Application Monitoring & Protection
-
-
Services
-
Partners
-
Research
-
Products
The Rapid7 Insight Cloud
Rapid7 Insight is your home for SecOps, equipping you with the visibility, analytics, and automation you need to unite your teams and amplify efficiency.
Insight Products -
Services
Rapid7 Global Services
Need a hand with your security program? From planning and strategy to full service support, our experts have you covered.
- Partners
- Research
Rapid7 Solutions
Web Application Security Testing
Three ways to gain visibility into your application vulnerabilities
Rapid7’s application security solutions crawl the deepest, darkest corners of even the most complex apps to help you test for risk and deliver the insight you need to take control. This gives you the confidence and visibility that is hard to gain in the dynamic, ever-evolving modern web. We’ve created a solution for every need: Which one is right for you?
InsightAppSec
Comprehensive, cloud-powered application security testing for the modern web
AppSpider
Enterprise
On-premise application security testing for DevSecOps teams and enterprise-wide use
Managed AppSec
A comprehensive approach to AppSec—from scanning to pen testing—run by our resident experts
| Comparison | InsightAppSec | AppSpider Enterprise | Managed AppSec |
|---|
-
Architecture and Scalability
Delivery model Cloud On-premise Cloud Rapid7 Insight platform Unlimited scans Multi-user support Multiple scan engines Support for small to large web app portfolios (dozens to hundreds of apps) Support for extra-large web app portfolios (thousands of apps) -
Vulnerability Detection
90+ Attack types, including OWASP Top Ten Internal web application scanning Online web application scanning Advanced discovery and testing of dynamic web clients, APIs, and microservices with Universal Translator (Advanced JavaScript, AJAX, GWT, JSON, REST, AMF, SOAP) Broad support of web input methods (GET/POST, Cookie, Header, File/Dir/Path, Multipart, JSON/XML, Parameter Names, GWT, DWR, AMF) -
Reporting and Remediation
Static report export (PDF, CSV) Interactive report export (HTML) Remediation advice Attack Replay from reports Compliance reports (PCI, HIPAA, SOX, OWASP) Vulnerability discovery history Scanning activity trend view -
Scan Management
Scan scheduling with blackout periods User and role based access controls -
Integrations and DevOps Automation
Integration with browser simulation tool (Selenium) Swagger REST API definition support for automated API testing Integration with ticketing systems (Atlassian Jira) Integration with Continuous Integration/Continuous Delivery (CI/CD) tool (Jenkins) Public API Web Application Firewall (WAF) virtual patching -
Managed Services
Rapid7 experts manage and run scans Vulnerability validation Business logic testing Named customer advisor -
Pricing
Prices start at $2000 per web application.* Contact Us Contact Us
| InsightAppSec | AppSpider Enterprise | Managed AppSec |
*Minimum of 10 applications; application identified by its fully-qualified domain name.