InsightAppSec Certified Specialist

Course Description

Interested in automating your app security scanning and retrieving comprehensive reports for easy analysis? Or do you need to manage scan engines over multiple areas of your network? Say hello to InsightAppSec with this one-day interactive course, packed with tips and tricks to help you successfully run app security tests using InsightAppSec. Whether you’re just getting started with application security or are migrating from a different AppSec solution, our experts will help you master the essentials, including platform requirements and scan configuration, and introduce you to best practices and common troubleshooting techniques to put your team on the fast track to more secure applications.

For flexible and accessible learning, this course is offered both virtually and on-site at your facility. The virtual class is hosted remotely on a Rapid7 lab and features simulated exercises against scenario-driven target environments. Customers who participate in on-site trainings will apply their learned skills in hands-on scenarios in their own environment.

All participants will have access to the InsightAppSec Certified Specialist Exam as part of their training program; go from being the student to the master and leverage the knowledge gained from class to become certified.

What You'll Learn

AppSec with InsightAppSec

  • Define application security
  • Common vulnerabilities in web applications
  • How web applications communicate
  • How InsightAppSec tests for common vulnerabilities
  • Basic scanning
  • Manage your application settings


Features & Architecture

  • Product features
  • Product components
  • How components interact


Understanding Scans

  • Configure scans
  • Customize your deployment
  • Establish an engine group
  • Install & pair an on-prem engine
  • Verify the on-prem engine status
  • Read scan logs for diagnostic information


Managing Scan Configurations

  • Create an attack template
  • Create a scan configuration



  • Record an authentication macro
  • Import a macro file for use
  • Use an HTTP archive file for authentication


Working with Results

  • Manage scan findings
  • Review and validate findings
  • Manually validate a finding
  • Generate a report from a scan


Manage Scan Schedules

  • Create an InsightAppSec scan schedule
  • Profile settings
  • Scan schedule
  • Blackout schedule
  • Global blackout


Advanced Topics

  • Perform a scan using an API
  • Gather information using the InsightAppSec API
  • Import the InsightAppSec API
  • Modify instructions within a macro file
  • Use environments to manage API variables


You will be given an overview of the challenges facing application security from both a product-agnostic and an InsightAppSec-focused perspective. We'll run practical labs focused on scanning for and understanding vulnerabilities. You'll also learn how application actions can be recorded and reused for scanning purposes.

  • InsightAppSec Architecture
  • AppSec with InsightAppSec
  • InsightAppSec Primer
  • Connecting an On Premise Scan Engine
  • Configuring Crawl Scans
  • Configuring Attack Scans
  • Authenticated and Unauthenticated Scanning
  • Setting Schedules and Blackouts
  • Using Macros and Recorded Traffic


Ideally, attendees should have the following:

  • Experience with Windows® Operating System
  • Basic knowledge of network protocols
  • Basic knowledge of vulnerability management systems
  • Basic knowledge of internet traffic


Open-enrollment class - $1,000 per student

Dedicated class (virtual delivery only) - $3,500 per course, up to 5 attendees

Applicable CPEs: 8

Training Registration

By submitting your registration, you are agreeing to our terms and conditions and acknowledge that all trainings are non-refundable.
Please note that this transaction may take up to two business days to go through our verification process.