Rapid7 Blog

Application Security  

You Can Have It Both Ways with AppSec: Security and Speed

Security and DevOps teams seemingly have to choose between speed and security. We think there's a better way.…

RASP 101: What Is Runtime Application Self-Protection?

If your organization isn't using a runtime application self-protection (RASP) tool to protect your applications, here's what you need to know.…

Application Security 101: The Importance of DevSecOps in AppSec

In this blog, we will share some insightful tips on all things application security and DevSecOps.…

How to Prevent Cross-Site Scripting (XSS) Attacks

Cross-site scripting (XSS) isn’t new, but its impact and visibility are both growing. Here’s what you need to know to protect against XSS attacks.…

How to Protect the File System from Your App with WAFs and RASP

The new Local Files protection in tCell joins other RASP protections to defend against serious compromises.…

App-a-Bet Soup: Should You Use a SAST, DAST, or RASP Application Security Tool?

In this blog, we discuss all things web applications and how to select the right application security solution to keep them safe from attack.…

Rapid7 Announces an Early Access Program for tCell by Rapid7

We are excited to announce that we are launching the early access program for tCell by Rapid7.…

Beyond Static Rules: WAF vs. RASP for Better Web Application Security

In this blog post, we’ll discuss the differences between traditional web application firewalls (WAFs) and runtime application self-protection (RASP).…

Great Barrier Grief: How to Break Through Bottlenecks with Automated AppSec

In our brand-new podcast, Security Nation, Zate Berg of Indeed.com explains how he avoided making his team an engineering bottleneck through automated appsec.…

Hidden Helpers: Security-Focused HTTP Headers

This blog includes real-world scenarios in which attackers can manipulate unsecured HTTP headers and how to prevent your organization from falling victim.…

How InsightAppSec Can Help You Improve Your Approach to Application Security

In this post, we’ll explore why modern apps require modern testing and how our DAST tool, InsightAppSec, is leading the way with the most sought-after needs for application security teams.…

How to Choose the Right Application Security Tool for Your Organization

In this post, we’re taking a look at the various application security testing technologies and how to determine which is best for your organization.…

5 Considerations When Creating an Application Security Program

In this blog, we explain how to address application security within your organization and how this translates into building better code.…

New InsightAppSec Features and Updates: A Look Inside

In this post, you’ll learn about all of our new features of InsightAppSec, how you can benefit from them, and how you can begin using them right away.…

Single-Page Applications: The Journey So Far

While modern web application technology has made apps more useful, it's also made them harder to secure.…