Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

Rapid7 Blog

Dan Kuÿkendall  



Web Application Security Scanning & The Art of Automation

[A version of this blog was originally posted on November 5, 2012] Few people fully appreciate the difficulty in creating a web application security scanner that can actually work well against most sites. In addition, there is much debate about how much application security testing…

Mobile Application Security: Think Twice Before Placing Football Bets

[A version of this blog was originally posted on September 25, 2013]Have you heard about the vulnerability in the Yahoo! Fantasy Football app? If Knowshon Moreno's performance on Monday against the Oakland Raiders got you down, you might want to read this warning to…

3 Tips for Finding the Best Website Security Scanner

[A version of this blog was originally posted on July 16, 2013] While it takes some work to find the best website security scanner for your organization, if you follow these three simple guidelines, you'll be off to a good start. Although accurate automated application…

3 Big Trends in Application Security

[A version of this blog was originally posted on July 18, 2013] With application security it seems there is never a dull moment. Different facets of web security continue to evolve from the hackers and the hacks to the techniques we use to combat them.…

Fix Security Defects Earlier with AppSpider and Selenium Integration

[A version of this blog was originally posted on September, 24 2014] It's a well-known fact that it costs less to fix security defects earlier in the software development lifecycle than later. But because most security professionals are experts in security and less familiar with…

Mobile App & API Security - Application Security's "Where Waldo"

[A version of this blog was originally posted on February, 1 2013] As I have discussed in previous posts and at conferences, like OWASP AppSecUSA, while the number of attacks continue to increase, the attack techniques aren't new at all. They are actually the same…

5 Must-Haves for Modern Application Security Scanners

Dynamic Application Security Testing (DAST) solutions have been around for over a decade, so you might think the market is static. But, that's hardly the case. Web applications and malicious hackers continue to evolve and DAST solutions need to keep pace. According to Gartner, DAST…

Top 10 Business Logic Attack Vectors

I thought I'd take a moment to dig a little deeper on our whitepaper titled “Top 10 Business Logic Attack Vectors."Why did we write this paper?Business logic vulnerabilities are not new, but these vulnerabilities are common, dangerous and are too often untested.…

7 Deadly Sins: Unlock the Gates of Mobile Hacking Heaven

I've spent the past year hacking mobile applications in an effort to uncover the most common security mistakes made during development. I found that most of the problems are related to session management – the process of authenticating the user and ensuring an attacker isn't impersonating…

Security Testing Complex Workflows, Not So Complex Anymore

Conducting web application security testing for complex workflows can be a real pain. In order to find vulnerabilities, valid test data must be passed through exactly as the workflow prescribes. Most web application security testing scanners aren't up for the job, so security testers must…

7 Ways to Improve the Accuracy of your Application Security Tests

For more than 10 years, application security testing has been a common practice to identify and remediate vulnerabilities in their web applications. While, it's difficult to figure out the best web security software for your organization, there are seven key techniques that not only increase…

Modernize Your Application Security Scanning in Four Easy Steps

You've built modern mobile and rich internet applications (RIAs) that are sure to improve your business' next major revenue stream. Conscious of security, you've ensured that the native application authenticates to the server, and you've run the app through a web application security scanner to…

7 Things About Dan Kuykendall

Hello! I'm Dan Kuykendall. Since I'm new to the Rapid7 family, I thought I'd take a moment to introduce myself with 7 factoids about me: I'm not a geek, or a nerd—but a neek: Some people might think of me as a nerd, but…

NT OBJECTives Acquired by Rapid7!

I'm excited to connect with you through this first blog post as part of the Rapid7 team. Rapid7 has just acquired the company I co-founded, NT OBJECTives (NTO), an application security company specializing in dynamic application security testing software (DAST). Our NTO team is eager…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More


Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More