Loading ...
Try HTTPCS +33 1 85 09 15 09
HTTPCS by ziwit vs rapid7

HTTPCS and Rapid7 Vulnerability scanners comparison

Thanks to this comparative review,
discover the differences, the advantages and the disadvantages of the two famous web application scanners: HTTPCS Security vs Rapid7.

14-Day free trial Ask for a demo

Click to compare our vulnerability scanner vs Rapid7

Headless and Grey Box

HTTPCS handles the latest-generation dynamic web content with its Headless Robot crawling the whole application.

100% mapping with Headless process

HTTPCS Security performs its tests with authentification (Grey box) and can handle complex authentifications like SSO (Single Sign On)

Grey Box tests option

The robot handles complex SSO (Single Sign On) authentifications

The HTTPCS security audits are automatically performed on a daily basis without any human intervention. Detailed reports reveal the exploitable security flaws.

scan scheduling option

The attack simulation feature only reveals the truly exploitable security flaws. It can help you understand the risks incurred.

No flaw simulator

HTTPCS offers a 0 false positive guarantee with its simulator. This guarantee saves time for the technical teams, that don't have to deal with the non exploitable flaws.

No guarantee

The flaws are cleverly and automatically listed according to their criticity level. The technical team can therefore immediately see the flaws that need to be fixed first.

Prioritization of flaws according to their criticity level

Indications and fixes to apply for each flaw are provided and detailed in each report.

No tool to help fix the flaws

The fixed flaws are detected and moved to a specific area dedicated to automated audits.

No automatic detection of the fixed flaws

Our pentesting teams can detect any kind of vulnerability (Top 10 OWASP, CVE, 0 Day attacks and more!)

Management of 95 different vulnerabilities

HTTPCS Security is part of the complete HTTPCS CyberSecurity suite. The user can easily find all the modules he subscribed in a single console.

Every HTTPCS solution integrates the Machine Learning technology. The intelligent robots constantly improves itself after each audit and becomes more and more efficient.

Detailed logs to HAR (HTTP Archive) format is optionally available

HAR format reports not available

A powerful API allows users to link with other tools.

API provided

For the users that don't have any security breach on their website, HTTPCS provides a certification seal. The seal is clickable and easy-to-use, it lets the company reassure its visitors.

HTTPCS console is 100 % SaaS, no installation is required. Console keeps the highest level of performance in order to provide a perfect cybersecurity to its users.

100% SaaS interface

The HTTPCS user console enables to companies with a large number of websites or applications to move them into predefined "categories" to make their management easier.

Classification system for websites

You can easily add, limit or delete a user in just a few clicks. The management of large work teams is made easier,

Multiple users management

Reports can quickly be exported to PDF format

PDF format reports available

Console interface is available in several languages (French, English, Italian and Portuguese)

Multilingual interface unavailable

The interface of the HTTPCS console is very easy to use and user-friendly. There is no additionnal fee or installation required, nor any training required for your employees.

Very dense and complex interface, training required to get familiar with it.

Data storage (logs and reports) is unlimited at HTTPCS, just so you can do stastistical studies in the long term.

Unlimited data storage

Pricing includes all costs. There is no additional fee at the time of purchase (set-up fees, training fees...)

HTTPCS Technical support is available in 7 languages, French-speaking and English-speaking included

Multilingual and international support

HTTPCS technical support is available during office hours for the "Plus" version and at any time for the "Full" version (24h/24, 7j/7)

24/7 support

Customer service can be reached online, by email and over the phone. A FAQ is also available on the website.

email, online chat, helpline, FAQ

European leader of Cybersecurity, HTTPCS is a French company. Therefore, HTTPCS protects your data in accordance with the GDPR and provides users with physical intermediary.


Offices located in France, American company


Headless technology and 100% mapping

A Headless browser can crawl and entirely map a web application. Indeed, a robot equipped with the Headless technology can behave like a real visitor by filling out forms, clicking on buttons or even by scrolling a page. The integration of this technology in a vulnerability scan will let the robot discover as many flaws as possible.

HTTPCS and Rapid7 both provide a Headless scanner which can browse and entirely analyze a web application or a website.

With its exclusive Headless robot and its ability to 100% map an application, HTTPCS offers the best service.

Just like HTTPCS, Rapid7 has a Headless robot and a 100% mapping of the content of web applications and websites.

Flaws and Grey Box

Grey Box testing and handled flaws

Three kinds of penetration testing are possible, performed by HTTPCS but also by Rapid7:

⦁ The Black Box, which is a test performed without any authentication.
⦁ The Grey Box, which is a test performed with the same access rights as an authenticated user, like an area reserved for the members for example.
⦁ The White Box which is a test that analyzes the inner structure of a code only available for administrators.

Regarding the flaw management, Rapid7 incorporates over 95 types of different flaws, including the Top 10 OWASP ones. As for HTTPCS, the solution also detects the OWASP and CVE flaws, but it goes even further by implementing «zero-day» flaws on a daily basis, thanks to its vulnerabilities monitoring.

Flaws and Grey Box
The HTTPCS robot manages known flaws that are certified (OWASP and CVE), but goes even further by including the «zero-day» flaws on a daily basis. Authentication and Grey Box tests are supported.

Flaws and Grey Box
Rapid7 processes over 95 different kind of vulnerabilities, including the top 10 OWASP. It also performs the Grey Box penetration tests.

False positive

False positive processing

The false positive is the indication of a positive result when it actually is negative. In the case of a web application scanner, a false positive is a non-exploitable flaw by a hacker, but which is nevertheless reported as an exploitable flaw. These detected «flaws» will cause a huge waste of time for the technical teams and will slow down the securing process of an application because these teams will have to perform a manual re-processing of the reported flaws to check and confirm if they really are dangerous.

Thanks to an innovative robot, HTTPCS Security can simulate attacks on every detected flaw in order to guarantee a 0 false positive rate. Only «exploitable» flaws are reported with warnings to the HTTPCS User Dashboard. As a proof, HTTPCS allows replaying an attack simulation only by using a simple «simulation» button. Finally, HTTPCS Robot automatically detects when a flaw has been fixed and does not report it a second time.

The technology developed by Rapid7 reduces the false positives rate, but it cannot, in any way, guarantee a 0 false positive rate.

False positive
The HTTPCS technology can simulate an attack against a flaw, just like a real hacker would do it. The solution is ingenious and guarantees 0 false positive rate.

False positive
Rapid7 limits the false positives and confirms a fix thanks to its «Attack-Replay» solution.

Solutions and specificities

Solution and specificities

The first specificity of Rapid7 is the incorporation of DevOps process management modules, which is the association of the Development and Operational teams within the same company in order to get a quick and prompt production process.

For a Web Application Scanner, it is the ability to detect vulnerabilities throughout the development of a web application. Therefore, the flaws are fixed before the application is even put online.

Rapid7 also offers an «Attack-Replay» feature. Slightly similar to the HTTPCS simulator, it can perform the scanner of a specific flaw and check a fix without reperforming a scan.

HTTPCS provides three additional modules along with its web application scanner:

  • HTTPCS Monitoring: in order to know the availability and accessibility of a website in real-time.
  • HTTPCS Integrity: in order to be warned in the case of any suspicious modification on a website or an external source.
  • HTTPCS Cybervigilance: in order to be notified in case of any data leak or any cyber risk against your company or organization.

HTTPCS and Rapid7 both function in SaaS mode. The user can access the scanners at any place and any time thanks to their user ID.

Solutions and specificities
HTTPCS provides a Cybersecurity Toolkit composed of its Web application scanner and 3 additional modules, including a disruptive Darknet monitoring solution.

Solutions and specificities
Rapid7 offers a DevOps management system and lets you follow the flaws of a web application during its development. It also offers an attack replay function in order to avoid making a full scan after every fix.

Secure your website or web application now and avoid being hacked!

14-Day free trial Ask for a demo

Pricing and support

Price and support

Rapid7 costs $ 2.000 (2.000 €) for each application with a minimum of ten applications to secure, so the overall price is $ 20.000 (20.000 €).

It pricing model is based on a «perpetual licensing». Indeed, the company buys the license for an unlimited time. However, if the company wishes to benefit from the last updates and support, it will have to pay again a price which is not indicated.

Rapid7 support is international and available in every language.

For its vulnerability scanner, HTTPCS provides a € 240 / month offer without commitment or a € 200 / month offer with a yearly billing for one application. Depending on the number of applications and on demand, the price may be reduced.

HTTPCS offers unlimited support in 7 languages. The subscription system lets you enjoy updates on a regular basis in order to maximize the level of security.

Pricing and support
HTTPCS clearly states its pricing on its website. Its price range is affordable for the services provided. Indeed, the HTTPCS support is reachable at any time and can help you anticipate any crisis situation with serenity.

Pricing and support
Rapid7 does not offer a subscription model and its pricing is much more expensive than the HTTPCS one. However, its support is exemplary and responsive.
Interface’s overview of our web vulnerability scanner


Security by ziwit logo

logo versus


logo rapid7

The HTTPCS interface is clear, sober and modern. Easy to use and to handle, it is user-friendly. Tutorials and Account managers are also available in order to answer any of your questions.

Rapid7 interface is available in SaaS mode. It is easy to use, and the technical support offered is responsive.

Comparative rating

In order to conclude this study, here is a general recap of the different tested features. Each feature has been graded out of 5 in order to obtain a final grade of 30.

comparative rating

The comparison below confirms the competitivity of HTTPCS in order to meet the needs of a company looking for a web application scanner.

Both Rapid7 and HTTPCS provide efficient solutions.

HTTPCS differentiates itself with its zero false positive guarantee, its included support and its pricing which includes all the upcoming updates. Its complementary modules may also be a heavyweight argument compared to its competitor, Rapid7.

Vulnerability Scanner tested by more than 9200 companies around the world

14-Day free trial Ask for a demo