Welcome to AppSpider

Today's security teams are responsible for securing hundreds of applications that include complex rich clients and APIs, complying with industry and government regulations, and keeping up with hacking trends. To them, building an effective application security program requires more than just crawling the web application interface. It's about having comprehensive application coverage and utilizing more sophisticated attack methodologies that address the technologies used by modern applications.

Application security is hard, but using application security tools shouldn't be. Application security scans come with a thousand options, but Rapid7's appsec products ship with system defaults based on years of application security experience, so that you can spend your time focusing on remediating vulnerabilities.

With AppSpider, you can plan, control and measure scans and look across all application scan data to track improvements in your security posture. Ultimately, AppSpider provides a way for you to assess and prioritize areas of greatest risk and enables you to build a modern enterprise application security program.

Rapid7 AppSec Solutions

AppSpider is a dynamic application security testing solution that allows you to scan web and mobile applications for vulnerabilities.

The core technology behind AppSpider is the Universal Translator, which interprets the new technologies, such as AJAX, HTML5, and JSON, that are being used in today's web and mobile applications and crawls traditional applications.

Available on premise, hosted or as a managed service, AppSpider enables you to effectively manage your application security program, delivers thorough analysis, comprehensive application coverage and sophisticated attack methodologies.

Benefits of AppSpider include:

  • Broad coverage
  • Advanced authentication
  • Integrations
  • Interactive reports
  • Distributed and scalable
  • Centralized control
  • Continuous site monitoring
  • End to end testing of APIs built with the OpenAPI Specification (formerly known as Swagger)

Compare Product Editions

Rapid7 offers four different editions of our application security product:

AppSpider Pro

This is a single scan engine meant for a team of one on a single machine, this on-premises edition is a highly customizable interface, with multiple options for vulnerability detection, reporting and remediation, as well as scan management and other features.

AppSpider Enterprise

This is a single console that includes multiple AppSpider Pro scan engines. Meant for multi user teams that need to be centrally managed, this on premise edition has a webapp that supports multiple scan engines with unlimited scans, dozens to hundreds of web apps, and has multiple options for vulnerability detection, reporting and remediation, as well as scan management and other features.

InsightAppSec

Includes AppSpider Enterprise. Meant for multi-user teams, this cloud edition supports multiple scan engines with unlimited scans, dozens to thousands of web apps, and has multiple options for vulnerability detection, reporting and remediation, as well as scan management and exclusive features such as vulnerability discovery history and scanning activity trends.

Managed AppSec

Includes InsightAppSec. Let us do the work for you! This managed edition supports multiple scan engines with unlimited scans, dozens to thousands of web apps, and has multiple options for vulnerability detection, reporting and remediation, as well as scan management and other features.

See the Product Editions page for more information.

Welcome to AppSpider