
Rapid7 Blog

Recent Posts

RASP 101: What Is Runtime Application Self-Protection?

If your organization isn't using a runtime application self-protection (RASP) tool to protect your applications, here's what you need to know.…

Rapid7 Introduces Industry Cyber-Exposure Report: Nikkei 225

Today, Rapid7 released our fourth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Nikkei 225 index.…

Metasploit Wrap-Up

Back to school blues: Summer is winding down and, while contributions haven't dropped off (thanks y'all!), we've been tied up with events and a heap of research. Don't despair, though: our own Brent Cook, Pearce Barry, Jeffrey Martin, and Matthew Kienow will be…

This One Time on a Pen Test: Nerds in the NERC

Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.…

How to Set Up InsightVM in Your Google Cloud Environment

In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM, in your Google Cloud environment and how to tweak it for your environment.…

Application Security 101: The Importance of DevSecOps in AppSec

In this blog, we will share some insightful tips on all things application security and DevSecOps.…

Defining Cybersecurity Risk for Higher Education

Educational institutions and other organizations have similar cybersecurity risk profiles, but there are a few very specific areas that differ.…

Summer Security Fundamentals Recap: What You Need to Know About Vulnerability Management

In this blog, we share with you key takeaways from our recent vulnerability management panel, along with tips for creating a successful VM program.…

Metasploit Wrap-Up

A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.…

Why the Security Poverty Line Is Our Industry’s Responsibility to Fix

On this week's episode of Security Nation, we chat with Wendy Nather about her work combating the security poverty line.…

This One Time on a Pen Test: Missed a Spot

In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.…

How to Prevent Cross-Site Scripting (XSS) Attacks

Cross-site scripting (XSS) isn’t new, but its impact and visibility are both growing. Here’s what you need to know to protect your applications from XSS attacks.…

Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon

Recently, we gave our customers the opportunity to ask members of our penetration testing services team any burning questions they have.…

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

In this blog post, Rapid7's MDR services team outlines a unique phishing campaign that utilizes a novel method of scraping organizations’ branded Microsoft 365 tenant login pages to produce highly convincing credential harvesting pages.…

Automating the Cloud: AWS Security Done Efficiently

Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.…