
Rapid7 Blog

Rapid7

Market Research: Akamai vs Cloudflare vs Incapsula vs tCell

Ernie Regalado, the founder of Bizety.com, recently reviewed the landscape for web application security products and the evolution of security techniques to protect Web applications. Before starting Bizety, Ernie worked as a technology analyst and has done consulting in the CDN industry. Reviewing…

Under Armour Data Breach: Here's What We Know

Last week, Under Armour announced that a breach on MyFitnessPal compromised the data from 150 million users. I learned of the breach when a few friends asked me about it. They were curious because in the past year I’ve taken up cycling, and have…

The Iron Age of WAF: Automation

The first post in the series began with the earliest web application firewalls that were essentially stateless pattern matching engines, and when the limitations of treating requests in isolation became clear, the industry built the stateful WAFs described in the second post. Standard stateful WAFs…

tCell is a Strong Performer in a Leading Independent Analyst’s 2018 Research Report

Today, we’re pleased to give you access to a new research report that we think is highly relevant to many of the common security problems that application developers and operations teams face. Forrester Research has published The Forrester New Wave™: Runtime Application Self-Protection,…

The Dangers Of Underestimating The Importance Of Application Security

When it comes to application security, it’s easy for companies to make the “not us” assumption — the belief that critical apps are invulnerable to attack or that attackers will opt for other, more high-profile targets. Application Security: Five Risks of Assuming App Safety But…

Stateful WAF AKA the Bronze Age

The first post in this series kicked off our history series on the development of web application firewalls, with a discussion of what the earliest technology was capable of. Early WAFs were based on pattern recognition. That made them fast, but it also made it…

5 Challenges of Moving Apps to the Cloud

As businesses take the next step in transforming their organization, many struggle to handle the hurdles that come with migrating their applications to the cloud. The major issue when moving applications to the cloud is security. It seems the greatest value of what makes the…

Checking Back in with Google's DFP XSS Vulnerability

In December, I wrote about the most recent DFP XSS vulnerability and the files that many publishers were, and are still hosting on their sites today. This post will go into detail about how this type of attack, called a reflected XSS attack, can affect…

Stateless Web Application Firewall AKA The Stone Age

A common question I’ve received over many years in the tech industry is why we can’t just “figure out” all those pesky attackers and stop them once and for all. Part of the challenge, of course, is that we keep inventing new stuff.…

Cryptojacking, or Why Monero is on Everybody’s Lips Right Now

There is an incredible diversity of cryptocoins to mine, but many of these so-called “cryptojacking” attacks are targeted at just one, Monero. This post answers why. Last week, I wrote about cryptojacking through the Web browser. In the short time we’ve been in…

Coinhive: Making Other People’s Web Browsers Mine Cryptocurrency

Over the weekend, we had a discussion at tCell about cryptocurrency, because there was a rash of stories about cryptocurrency mining being done through malicious JavaScript. (Scott Helme of securityheaders.io noted that the Information Commissioner’s Office, the UK’s data privacy regulator,…

Signatures - Are They Still Relevant in Application Security?

Before discussing if signatures are still relevant in this day and age of automation, sophistication, and complexity, let’s quickly talk about how signatures have evolved over time. As the internet has found ever-increasing adoption for commerce, banking, etc., it became obvious that we needed…

Security Issues In Cloud Computing: The Case For Continual Improvement

Improvements in reliability, speed and sheer compute power have changed the way companies look at the cloud: Once an outlier, cloud computing is now a necessity for organizations looking to embrace mobile technologies, leverage big data and gain a competitive advantage. It’s cheaper and…

XSS Bug Reports Made Easy

When attackers compromise a website with XSS, it is important to understand what actually happened leading up to the exploit, as well as information on how the exploit was performed, and have clear information on how to remediate. The importance of this was recently illustrated…

Think Like a Hacker: Going Beyond Network Security

From health care companies to credit agencies and telecommunication firms, hackers didn’t hold back in 2017. With no simple solution to hacking on the horizon, it’s a safe bet that 2018 will come with its own share of data breaches, compromises and…