We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Metasploit Wrapup

'Sploits! Get yer 'sploits heeere! Lots of fresh modules this week with six shiny new exploits to showcase—but first, a blast from the past: 1992 Called Solaris wants to help you get password hashes and they've invented the NIS protocol. The next time you…

How to Choose a Security Orchestration and Automation Platform

In the market for a security orchestration and automation platform but don’t know what solution is right for you? Or perhaps you’ve made some rushed decisions with past products and want to take a more careful approach this time around? We get it…

The 4 Big Differences Between Network Security and Web Application Security

Tomato, tomato, potato, potato, network security and web application security. Two things that may seem similar, they are actually quite different. Network security (also known as vulnerability assessment or vulnerability management) has been around for quite some time and is something most security practitioners today…

GDPR Preparation Checklist: January – Teach and Tidy

New year, new things to think about when it comes to your GDPR compliance preparations. Hopefully your GDPR project is in full swing by now. If it’s not, then you do really need to be getting your skates well and truly on. Do take…

Patch Tuesday - January 2018

The first Microsoft patches of 2018 came early, with new updates released late Wednesday, January 3rd. Although this was due to the (somewhat) coordinated disclosure of the Meltdown and Spectre vulnerabilities, last week’s updates also contained fixes for 33 additional CVEs. These days, Microsoft…

Vulnerability Management: A Year in Review - Prioritize

2017 has already broken the record for the most number of vulnerabilities reported. With more software being produced and more researchers focused on finding vulnerabilities, this trend will probably continue. Understanding where to focus and which vulnerabilities to fix first is more important than ever.…

Metasploit Wrapup

2018: a new year, new vulns, and endless opportunities to exploit them. The Metasploit community is kicking off the year with a variety of new content, functionality, research, and coordinated vulnerability disclosure. New Year, New Vulns After a couple months of coordinated disclosure work, long-time…

A Visit From a Printer PoC

The story of a group effort to perform a successful holiday printer hack...translated into rhymed verse for your HaXmas entertainment.…

Certificate Transparency: The Gift That Keeps Giving

While it's no surprise that both attackers and defenders can garner valuable information about the networks that they’re targeting (or defending), it may come as a surprise that a smörgåsbord of information on these networks is often publicly available. Moreover, once this information has…

The Ghost of a Botnet (Possibly) Past

For a week and a half in April, Rapid7 Labs observed a botnet with 18,000 distinct IPs marauding across the public internet. Then it disappeared, only to resurface again later. Join us as we tell the HaXmas tale of the ghost of a botnet past!…

Hohoho-wned: First Steps Toward a Pen Test Oriented Rootkit

Year after year it seems that Santa is intent on sending me coal, but little does he know that this year I already have access to one of his Linux machines and I'm going to make sure that I at least deserve to get my…

Fast and Secure SDLC: 4 Barriers to Tackle for Better Web Application Security

It’s been months in the making. It promises to generate new revenue for the business. And there’s one team that hasn’t seen it yet. We’re talking about your shiny new web application. Back in the day, it used to be that…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now