
Rapid7 Blog

Rapid7  


Customer Perspective: How InsightVM Helps Organizations Solve Common Vulnerability Management Challenges

In this blog, Brett Droche of Amedisys explains how Rapid7's InsightVM can mitigate or completely solve common vulnerability management challenges.…

Automation in Action: How Carnegie Mellon University Combats Vulnerabilities Using Nexpose

We recently spoke with Brian W. Gray, Information Security Engineer for Carnegie Mellon University, about how he manages vulnerabilities with Rapid7's vulnerability assessment solution, Nexpose.…

How Rapid7’s Orchestration and Automation Solution Boosted a Higher Education Security Team’s Effectiveness

We recently had the opportunity to sit down with Adam Elliott to discuss why his team chose Rapid7 and how our solution has increased the overall effectiveness of his security team.…

Securing Buckets with Amazon S3 Block Public Access

Amazon Web Services recently introduced a new security enhancement to its cloud storage service: Amazon S3 Block Public Access.…

How to Defend Against Magecart Using CSP

In this blog, we explain how you can defend against Magecart credit card skimming attacks by using HTTP's Content Security Policy.…

Introducing Metasploit’s First Evasion Modules

Rapid7's Metasploit team is proud to announce we have released the first-ever antivirus evasion module in Metasploit Framework.…

The Newegg Breach: PCI Means Nothing to Magecart

Both the British Airways and Newegg breaches occurred at sites that followed data security rules but were not protected against attacks like Magecart.…

The British Airways Breach: PCI is Not Enough

Magecart's techniques are sophisticated and worth understanding in detail, especially because they point out a major gap that occurs even with perfect PCI compliance.…

Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap

The final section of Kim Zetter's “Countdown to Zero Day” pulls together the many factors that are present in attacks such as Stuxnet.…

Do You Know Your AppSec ROI?

This blog was previously published on blog.tcell.io. This week has been a pretty interesting week in breaches. With the recent news of Magecart being the attacker of both Ticketmaster and British Airlines, you can't help but wonder why companies aren't learning from each…

Serverless and the OWASP Top 10

This blog was previously published on blog.tcell.io. This post kicks off a series we’re doing on serverless security, since it’s one of the hot trends in application development. Over the next several weeks, I’ll be writing about what serverless is,…

Summertime and the Coding Is (Sometimes) Easy: What I Learned During GSoC for Metasploit

My name is Eliott Teissonniere, and I was selected as a Google Summer of Code (GSoC) student for Metasploit this summer! Today, I am excited to tell you more about what we did and what’s next.…

5 Ways RASP Will Make Your Pentest Painless

This blog was previously published on blog.tcell.io. Regardless of the size of company you work for, penetration testing is a cornerstone of an application security strategy, especially for companies that need to satisfy certain compliance certifications, such as SOC 2 and PCI DSS.…

Cross-Site Scripting (XSS) Can Steal Payment Information from Payment Processors

This blog was previously published on blog.tcell.io. Just because your payment processor has PCI Level 1 doesn't mean you can ignore cross-site scripting (XSS). If you handle money, you process credit cards (since it's pretty hard to email cash). To prevent fraud, the…

What's Going on in Production Application Security 2018

Today, we released the Security Report for Web Applications (Q2 2018) which identified key threats in real-world web application traffic in the Amazon Web Services (AWS) and Azure cloud ecosystems. In evaluating 316 million incidents, it is clear that attacks against the application…