Click-and-scan web app security testing

Modern Workflows

InsightAppSec’s clean user interface and intuitive workflows make it easy to manage and scan your apps, analyze results, and generate reports. And because it’s built on the Rapid7 Insight platform, nothing needs to be installed on premise—just log in and start scanning.

On-Premise Scanning

InsightAppSec lives in the cloud; however, it can also scan your internal and pre-production web applications with the help of a lightweight scan engine deployed on-premise. Simply download the engine installer directly from InsightAppSec, install and pair with your InsightAppSec instance, and your internal non-internet facing web applications can be tested with the same powerful technology used in InsightAppSec’s cloud engines. Scan results from internal application scans are stored in the cloud so that all of your vulnerability results and reports can be accessed from the same console.

Universal Translator

InsightAppSec leverages Rapid7’s industry-leading and proven DAST scan engine, and our Universal Translator understands the formats, protocols, and development technologies used in modern mobile and browser-based applications. Whether analyzing data from a traditional name::value pair crawl or traffic recorded in a proxy capture for modern apps, the Universal Translator normalizes traffic and attacks your application to uncover vulnerabilities.

Live Vulnerability View

Live Vulnerability View provides unprecedented power and flexibility to manage application vulnerabilities. InsightAppSec provides a live view of your applications’ vulnerabilities, not just those detected by a point-in-time scan. It also provides context around each vulnerability—such as how often it’s been detected and in which scans—to help with prioritization. The intuitive search interface makes it quick and simple to identify the vulnerabilities that matter most. And since vulnerabilities aren’t always handled the same way, users can update the severity and status of any vulnerability to better reflect their priorities.

Attack Replay

Attack Replay empowers your developers to confirm a vulnerability on their own without needing to run a scan. Sometimes providing a static report isn’t enough to prove a vulnerability exists—developers need an easy way to reproduce an issue, and Attack Replay provides that capability. After developers have implemented a fix for the vulnerability, they can immediately test their work with Attack Replay, helping them to quickly close out their tickets and simultaneously reduce application security risk.

Ticketing System Integration

By integrating with ticketing systems like JIRA, InsightAppSec makes sure your developers are notified early, in the workflows they’re accustomed to, of new vulnerabilities detected in the applications they build. Combine a ticketing system integration with InsightAppSec’s Attack Replay and you get a powerful solution that reduces the friction between security and development teams and speeds you toward remediation.

Application Portfolios

Pre-production vs. production, HTTP vs. HTTPS. Every application has multiple instances, but managing scans across those instances doesn’t have to be a burden. InsightAppSec makes managing scans and understanding application risk a breeze by organizing scan configurations and results into “apps,” which logically group app instances and scan results into a single view.


Feature Brief: Universal Translator in InsightAppSec and AppSpider

The Universal Translator enables Rapid7’s Dynamic Application Security Testing (DAST) solutions—InsightAppSec and AppSpider—to maximize test coverage for modern web applications.

Run your first scan in minutes...