Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Application Security  

New InsightAppSec Features and Updates: A Look Inside

In this post, you’ll learn about all of our new features of InsightAppSec, how you can benefit from them, and how you can begin using them right away.…

Single-Page Applications: The Journey So Far

While modern web application technology has made apps more useful, it's also made them harder to secure.…

Rapid7 Leads All 'Strong Performers' in 2018 Forrester Wave for Emerging MSSPs

We’re proud to be recognized in the Forrester Wave as the leader in the “Strong Performer” category and to score second highest overall current offering for our Managed Security Services.…

Rapid7 Acquires Leading Web Application Security Provider, tCell

Today, Rapid7 announced the acquisition of tCell, a leading provider of web application threat defense and monitoring. We are so excited to have tCell join the Rapid7 family!…

How to Defend Against Magecart Using CSP

In this blog, we explain how you can defend against Magecart credit card skimming attacks by using HTTP's Content Security Policy.…

New Features: Rapid7 Launches Public API For InsightAppSec

Rapid7 is pleased to announce the newest addition to your application security toolkit on the Rapid7 Insight platform: the public API in our DAST solution, InsightAppSec.…

The Newegg Breach: PCI Means Nothing to Magecart

Both the British Airways and Newegg breaches occurred at sites that followed data security rules but were not protected against attacks like Magecart.…

The British Airways Breach: PCI is Not Enough

Magecart's techniques are sophisticated and worth understanding in detail, especially because they point out a major gap that occurs even with perfect PCI compliance.…

In Our Customers’ Words: Why Mastering Application Security Basics Matters

In a recent conversation with a Rapid7 application security customer, I was reminded how much of a security practitioner’s day can be consumed by troubleshooting buggy tools and manually executing the same tasks over and over again (needlessly, may I add). As much as…

New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit

Things are always brewing in Rapid7 product development. Today, we’re excited to announce several exciting new features in InsightAppSec, our cloud-powered application security testing solution for modern web apps. These include: Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements PDF report…

How DevOps Can Use Quality Gates for Security Checks

Your team has been working at all hours to put the final touches on code for a new big feature release. All the specs are in, the feature works as expected, and the code is pushed to production. A few hours later, the daily security…

Diving Deep and Finding Vulnerabilities in Modern Web Applications

As more and more companies shift the responsibility of security earlier in the software development lifecycle (SDLC), DevOps teams are being tasked with detecting vulnerabilities within their applications. Already scrambling to keep up with the terminology, processes, and technologies of modern-day security, DevOps teams also…

What is Modern Vulnerability Management?

Once upon a time (a few years ago) vulnerability management programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can no longer afford such a limited view in the now. To illustrate these changes in…

Securing Personal Information in Web Applications for GDPR

The General Data Protection Regulation (GDPR), is just around the corner: it comes into effect on May 25, 2018. If you feel a refresher on this far-reaching privacy law is in order, we’ve got a lot of great content to help you and your…

Getting your Spidey on with Mobile Apps

As web applications continue to proliferate in the attack surface and more people make protecting them a priority, there is also a shift in the definition of a “web application,” and how we understand their potential vulnerabilities. A perfect illustration? OWASP finally incorporating APIs in…