Rapid7 Solutions

Web Application Security Testing

Three ways to gain visibility into your application vulnerabilities

Rapid7’s application security solutions crawl the deepest, darkest corners of even the most complex apps to help you test for risk and deliver the insight you need to take control. This gives you the confidence and visibility that is hard to gain in the dynamic, ever-evolving modern web. We’ve created a solution for every need: Which one is right for you?


InsightAppSec

Comprehensive, cloud-powered application security testing for the modern web


AppSpider Enterprise

On-premises application security testing for DevSecOps teams and enterprise-wide use

Managed AppSec

A comprehensive approach to AppSec—from scanning to pen testing—run by our resident experts

Comparison: InsightAppSec, AppSpider Enterprise, Managed AppSec
  • Architecture and Scalability
    Delivery model: Cloud (InsightAppSec), On-premise (AppSpider Enterprise), Cloud (Managed AppSec)
    Rapid7 Insight platform
    Unlimited scans
    Multi-user support
    Multiple scan engines
    Support for small to large web app portfolios (dozens to hundreds of apps)
    Support for extra-large web app portfolios (thousands of apps)
  • Vulnerability Detection
    90+ Attack types, including OWASP Top Ten
    Internal web application scanning
    Online web application scanning
    Advanced discovery and testing of dynamic web clients, APIs, and microservices with Universal Translator (Advanced JavaScript, AJAX, GWT, JSON, REST, AMF, SOAP)
    Broad support of web input methods (GET/POST, Cookie, Header, File/Dir/Path, Multipart, JSON/XML, Parameter Names, GWT, DWR, AMF)
  • Reporting and Remediation
    Static report export (PDF, CSV)
    Interactive report export (HTML)
    Remediation advice
    Attack Replay from reports
    Compliance reports (PCI, HIPAA, SOX, OWASP)
    Vulnerability discovery history
    Scanning activity trend view
  • Scan Management
    Scan scheduling with blackout periods
    User and role based access controls
  • Integrations and DevOps Automation
    Integration with browser simulation tool (Selenium)
    Swagger REST API definition support for automated API testing
    Integration with ticketing systems (Atlassian Jira)
    Integration with Continuous Integration/Continuous Delivery (CI/CD) tool (Jenkins)
    Public API
    Web Application Firewall (WAF) virtual patching
  • Managed Services
    Rapid7 experts manage and run scans
    Vulnerability validation
    Business logic testing
    Named customer advisor
  • Pricing
    InsightAppSec: Prices start at $2000 per web application.* AppSpider Enterprise: Contact Us. Managed AppSec: Contact Us.

*Minimum of 10 applications; application identified by its fully-qualified domain name.