We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.


Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Metasploit Wrapup

You may have noticed that our weekly wrapups tend to be very light-hearted. A few might say our blog is humourous. Some might even argue that they incorporate low-brow internet jokes and an excessive quantity of memes. Well, I'm here to say we've turned over…

How to Remediate Vulnerabilities Across Multiple Offices

Your vulnerability scanner embarks on its weekly scan. The report comes in, you fire it off to your IT team across the country and...silence. Thinking they’re on it, you go on with your day, until next week’s scan report comes in and…

RSA 2018: Kickoff wrap-up

The opening day of RSA offered up copious nods to the need for security to be an integral, integrated part of innovation. RSA President Rohit Ghai talked about moving security upstream in the SDLC, Microsoft’s Brad Smith called for new ways to innovate that…

Georgia should not authorize "hack back"

The Georgia state legislature recently passed a bill - SB 315 - to create a new crime of accessing a computer without authorization. This will become law unless Governor Nathan Deal vetoes the bill by May 8th. Prior to SB 315, Georgia did not have…

Metasploit Wrapup

What's Your Favorite Security Site? When you are browsing sites on the Internet, you may notice some sites will include your public IP address on their pages. But what if you came across a site that also showed your IP address from your private network…

Threat Intel Book Club: The Cuckoo's Egg wrap-up

Last week, Rebekah Brown and I wrapped up The Cuckoo’s Egg with book club readers around the world. Dig through some blog archives to get a sense of how this book club got started and what we’ve discussed so far. Below is a…

How DevOps Can Use Quality Gates for Security Checks

Your team has been working at all hours to put the final touches on code for a new big feature release. All the specs are in, the feature works as expected, and the code is pushed to production. A few hours later, the daily security…

Just a little more may be all you need for great security

The following is a guest post from Kevin Beaver. See all of Kevin’s guest writing here. Thomas Edison once said that many of life's failures are experienced by people who did not realize how close they were to success when they gave up. Thinking…

Patch Tuesday - April 2018

Over 70 vulnerabilities have been fixed this month, including 6 in Adobe Flash (APSB18-08). At a high level, there's nothing too out of the ordinary. Unfortunately, that means the majority of the patched vulnerabilities are once again of the worst variety: Remote Code Execution (RCE)…

Shoring up the defenses together: 2018Q1 wrap-up

Today (April 10, 2018) we are sharing six vulnerabilities that have been fixed in Rapid7 products and supporting services. You won’t need to take any actions: all of the issues have been addressed. We are disclosing these vulnerabilities in order to be transparent, to…

CIS Critical Security Control 13: Data Protection Explained

This is a continuation of our CIS critical security controls blog series. Data protection is one of the cornerstones of a solid security program, and it is a critical function of the CIA Triad of Confidentiality, Integrity, and Availability. Data protection, as characterized by Critical…

Metasploit Wrapup

Mobile Moose This week marked the beginning of our time in the new office. Everything got packed up and moved: computers, chairs, Rudy’s cups, and odd soy sauce packets in the back of the drawers. One consequence of moving to downtown Austin is that…

Securing Personal Information in Web Applications for GDPR

The General Data Protection Regulation (GDPR), is just around the corner: it comes into effect on May 25, 2018. If you feel a refresher on this far-reaching privacy law is in order, we’ve got a lot of great content to help you and your…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More


Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More