Rapid7 Blog

Kim Dinerman  

AUTHOR STATS:

9

Web Application Security Testing: Single Page Applications Built with JavaScript Frameworks

In recent years, more and more applications are being built on popular new JavaScript frameworks like ReactJS and AngularJS. As is often the case with new application technologies, these frameworks have created an innovation gap for most application security scanning solutions and an acute set…

Lessons Learned in Web Application Security from the 2016 DBIR

We spent last week hearing from experts around the globe discussing what web application security insights we have gotten from Verizon's 2016 Data Breach Investigations Report. Thank you, Verizon, and all of your partners for giving us a lot to think about! We also polled…

The 2016 Verizon Data Breach Investigations Report (DBIR) - A Web Application Security Perspective

The 2016 Verizon Data Breach Investigations Report (DBIR) is out and everyone is poring over the report to see what new insights we can take from last year's incidents and breaches. We have not only created this post to look at some primary application security…

Modern Applications Require Modern Dynamic Application Security Testing (DAST) Solutions

Is your Dynamic Application Security Testing (DAST) solution leaving you exposed? We all know the story of the Emperor's New Clothes. A dapper Emperor is convinced by a tailor that he has the most incredible set of clothes that are only visible to the wise.…

AppSpider's Got Swagger: The first end-to-end security testing for REST APIs

We are thrilled to announce a major new innovation in application security testing. AppSpider is the first Dynamic Application Security Testing (DAST) solution capable of testing Swagger-enabled APIs. Swagger is one of the most popular frameworks for building APIs and the ability to test Swagger-enabled…

Watch your SaaS: Partial parameter checking or the case of unfinished homework

“Laws are like sausages. It's better not to see them being made.” – Otto von BismarckI'm not sure how many of you have kids or how diligent they are with their homework but I'm sure you've heard stories of parents observing that their…

SQL Injection Vulnerabilities: 4 Reasons Security Teams Can't Stop Them

SQL injection vulnerabilities have threatened application security for over 15 years and most security experts and many developers alike understand SQLi very well. So why are they still quite common, despite the fact that we, as an industry, know how to prevent them? Related Resource:…

Why SQL Injection Vulnerabilities Still Exist: 8 Reasons Developer's Can't Eliminate Them

Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it comes to writing secure code, many of which are out of the developers' direct control. That's why common vulnerabilities like…

Mobile application security: Lock the back door!

Mobile application security A few years ago, Sean Gallagher wrote this article that we believe outlines one of the most important areas of application security risk today, mobile application security. In his article for Ars Technica, “Mobile Application Security: Always Keep the Back Door Locked,…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now