We use it as a web application scanner. It runs a ton of different detections and tests against our web applications and provides us with results. It connects directly with our SDLC for an API. We can automate the scanning of a web application during the development process when it changes from development to test and test to production.
External reviews
10 reviews
from
External reviews are not included in the AWS star rating for the product.
A highly scalable and robust product that enables users to automate scans
What is our primary use case?
What is most valuable?
I like that the product allows us to have an internal and external scanner. We can authenticate scans and pick and choose which attacks we want to use. It is a very robust solution.
What needs improvement?
The number of web applications we can scan is limited. There's a cost associated with how many web apps we want to scan.
For how long have I used the solution?
I have been using the solution for a year.
What do I think about the stability of the solution?
I have not had any issues. For over a year, the tool has not been down.
What do I think about the scalability of the solution?
The tool is completely cloud-based. So, the scalability is fine for external scanning. For internal scanning, we must create another scanner on our internal network. We can scale it at mass.
How are customer service and support?
The support is great. The problem with the support team is that it does not have a calling number. The best way to get a hold of the support team is by contacting the customer success manager and getting somebody in the support team. We could open a ticket, but we cannot call. Sometimes, I want to be able to just call somebody. I don't want to put a ticket in and wait for a response. The support team is responsive.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used Qualys before. Rapid7 is better than Qualys.
How was the initial setup?
The initial setup is quite simple. I rate the ease of setup a nine out of ten. We can just connect to the web application and access our site. We can get it up and running within 20 minutes.
What about the implementation team?
The solution does not require maintenance since it is SaaS-based.
What other advice do I have?
Rapid7 just came out with a new package called Cloud Risk Complete, which gives us unlimited insight into scanning and unlimited AppSec scanning. It also gives us InsightCloudSec.
The product can do everything. We are struggling to get our DevOps team to commit to utilizing our web application scanners. We are siloed with it.
Overall, I rate the product an eight out of ten.
showing 11 - 11