
Rapid7 Blog


What's Going on in Production Application Security 2018

Today, we released the Security Report for Web Applications (Q2 2018) which identified key threats in real-world web application traffic in the Amazon Web Services (AWS) and Azure cloud ecosystems. In evaluating 316 million incidents, it is clear that attacks against the application…

Analysis of the Ticketmaster Breach

This blog was previously published on blog.tcell.io. Although there have been a number of breaches in the past few weeks, the story around the breach at Ticketmaster is more interesting than most. It combines sophisticated web design, reusable components, the security model of…

CIS Critical Security Control 18: Breaking Down the Control Chaos of Application Software Security

Application software security (Critical Control 18) may seem overwhelming, but when upheld, it can make your SDLC wishes and SecOps dreams come true.…

Beyond RASP Security

The bad news: 100 percent of web applications are vulnerable. It’s not a typo: 100 percent of web applications contain at least one vulnerability — on average, apps have 11 potential weak points. So, it’s no surprise that organizations are leveraging tools that empower…

Your Black Hat 2018 Survival Guide

Our security team knows a thing or two about conquering a conference – making the most out of the day and night. So the team got together to share their personal recommendations on things to do and things to know in this handy Black Hat…

tCell: A Tool for PCI Compliance

If your app handles payments, you are undoubtedly familiar with the security rules surrounding credit card transactions. The Payment Card Industry (PCI) Security Standards Council has written a lengthy document for keeping card data safe to reduce fraud. If you want to take credit cards…

Podcast: The Future of Application Security and DevOps

Josh and Kurt from Open Source Security Podcast talk to Michael Feiertag, the CEO of tCell. We talk about what a Web Application Firewall (WAF) is, what it does and doesn’t do, and what the future of this technology…

Customer Story: How dscout Protects Against Web Application Attacks

tCell enables dscout to bring runtime application self-protection (RASP) technology inside applications without slowing down the user experience. dscout, the leading SaaS qualitative research platform, deployed its next-generation cloud web application firewall. With tCell, dscout is able to protect against OWASP Top 10 type…

What the Heck is Drive-By Cryptomining?

It sounds like a cross between a slightly terrifying violent gang activity and a silly metaphor for drudgery. Actually, that’s about right. Let’s start with the cryptomining part. For the uninitiated, cryptomining is the process of doing computing work to earn…

Days Since Last Accident: KPIs for Application Security

Key Performance Indicators (KPIs) in security are painful. If you ask 3 different security engineers what they track and how they track performance, you’ll get 4 different answers. Ask for metrics on production application security and you’ll get 5, or more likely 0.…

How tCell Helps Align with GDPR Compliance

It’s finally May. We’ve all been counting down the months and weeks before the May 25th deadline hits. A lot of companies have been in a scramble about GDPR trying to figure out what they need to know, what they need to change,…

Why Runtime Application Self-Protection is Here to Stay

RASP had gotten a bad rap from tech companies over the past few years, and I can understand why. We’ve seen RASP vendors claim to be the answer to all of our app security problems, but then the tech turns out to be…

Should Security Teams Use CSP Nonces to Better Comply with PCI?

This week, tCell sponsored BSidesSF. Many things I’ve heard about the conference proved to be true, and the technical depth of conversations I had at our table was definitely enough to keep me on my toes. One of the most interesting conversations was with…

The Jet Age of WAF: Application Awareness

For the final installment in our history of web security, it’s time to bring the story into the present. The problem with bronze-age techniques, aka the stateful WAF, is that they put a security engine in front of your application that…

Market Research: Akamai vs Cloudflare vs Incapsula vs tCell

Ernie Regalado, the founder of Bizety.com, recently reviewed the landscape for web application security products and the evolution of security techniques to protect web applications. Before starting Bizety, Ernie worked as a technology analyst and has done consulting in the CDN industry. Reviewing…