Rapid7 AppSpider vs. Trustwave App Scanner (discontinued)

Rapid7 AppSpider could be your default DAST (Dynamic Application Security Testing), it covers the OWASP top 10 for web and APIs. Great tools, with a very nice and understandable report and analytics, work excellent for one-shot or continuous monitoring of your web assets. Also has a fair amount of integrations with other popular tools.

Incentivized

This scanner is helpful for financial services apps that need to prove their credibility to users, and in an environment where users might not be comfortable providing their PII.

Incentivized

• Does a great job scanning Single Page Apps as well as APIs etc.
• We use this weekly and have faced no scan errors due to process failures or accidentally DoSing etc.

Incentivized

• Show that our app is credible
• Give users the confidence to do business on our app

Incentivized

• Scan might be slow compared to other tools.
• Not a lot of training on the vendor side.

Incentivized

• Integration requires the development team
• Takes up valuable real estate within the app
• Requires bandwidth and may slow down primary functions

Incentivized

BurpSuite isn't a competitor necessarily but still for the price of a few hundred dollars per user it is a great tool, however, AppSpider blew it out of the water with its accuracy in terms of vulnerabilities reported as well as other aspects such as UI, customer support etc.

Incentivized

These products are similar in nature. They all tend to do the same thing, in a similar way. Just need to watch for integration problems and consumer trust issues.

Incentivized

• Great ROI for consultant projects.

Incentivized

• Increases usage of mobile devices
• Reduces the need for live client services
• Improves user conference

Incentivized