Rapid7 AppSpider

Additional Info

Company size (employees): 850
Type of solution: Software


SPAs, APIs, mobile — the evolution of application technology is measured in months, not years. Is your application security tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so you aren’t left with gaping application risks.

Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today – and always be ready for whatever comes next.

Today’s web applications have rich client front ends and complex back ends that include APIs. AppSpider understands the many languages of today’s applications – JSON, REST, SOAP, XML-RPC, Google Web Toolkit (GWT) RPC and Action Message Format (AMF) – and tests APIs automatically. From Single Page Applications (SPAs) to mobile apps, AppSpider crawls, interprets, and tests today’s most modern apps, dramatically reducing manual testing time.

Today, modern teams are operating under a SecDevOps or “Rugged DevOps” model. For these teams, finding vulnerabilities is only half the battle; they also need to speed up remediation and improve collaboration between developers and security. AppSpider automates application security testing with each build, so users continuously reduce future risk and give DevOps exactly what they need.

AppSpider also includes a variety of effective integrations with bug tracking, continuous integration, automated testing and WAFs, designed to find vulnerabilities automatically early in the software development lifecycle. Most importantly, AppSpider delivers the best rates of false-positive and false-negative elimination. With AppSpider, teams can plan, control and measure scans and analyze all application scan data to determine whether their security posture is improving.

How we are different

AppSpider has three key differences in the market:
• Application Scanning Capabilities - Rapid7 has consistently prioritized having the best web application scanning engine in the market. We support scanning the APIs that power mobile, desktop and web applications, support complex multi-step workflows, and most recently added support for one of the most popular web application development frameworks. JavaScript frameworks such as ReactJS and NodeJS are some of the fastest-growing tools used for web development, and Rapid7 was the first to market with scanning capabilities designed to accurately handle ReactJS-built websites. Additionally, AppSpider has sophisticated automation that lets customers take advantage of these scanning capabilities with ease.
• Flexible Deployment, Pricing and Packaging - AppSpider can be delivered in multiple ways to meet many customer requirements. AppSpider Pro, the stand-alone DAST web application scanner, can be deployed on premises, in the cloud or in a combination of the two. AppSpider Enterprise also has multiple deployment options, allowing an on-premises instance to control on-premises, cloud-based or mixed on-prem/cloud-based AppSpider Pro scanners. In addition, AppSpider has several flexible pricing options.
• Integrations - AppSpider can connect with multiple additional tools to help complete the application security needs of our customers. AppSpider integrates with continuous integration tools such as Jenkins and Bamboo, issue/defect tracking systems like Jira or HP Quality Center, automated testing tools (Selenium), and API documentation frameworks like Swagger. The Swagger integration makes AppSpider one of the strongest API testing solutions on the market. Additionally, AppSpider can integrate with popular Web Application Firewalls to help ensure that vulnerabilities found are safeguarded until they can be patched. To assist with patching, we provide a Chrome plug-in and HTML-based reports that give developers all the details they need to fix an issue.