Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Application Security  

The 4 Big Differences Between Network Security and Web Application Security

Tomato, tomato, potato, potato, network security and web application security. Two things that may seem similar, they are actually quite different. Network security (also known as vulnerability assessment or vulnerability management) has been around for quite some time and is something most security practitioners today…

Fast and Secure SDLC: 4 Barriers to Tackle for Better Web Application Security

It’s been months in the making. It promises to generate new revenue for the business. And there’s one team that hasn’t seen it yet. We’re talking about your shiny new web application. Back in the day, it used to be that…

The Magic Behind Rapid7 Managed Application Security Services

When I was younger, one of my favorite gifts was a magic kit. My dad did magic tricks with cards and rope, and whenever I asked how he did it, he’d say, “A magician never tells his secrets.” Part of why I loved that…

InsightAppSec Feature Highlights: On-Premise Engines, JIRA Integration, and More

Powerful Yet Simple DAST Scanning Gets Even Better InsightAppSec, Rapid7’s cloud-powered web application security testing solution, has added three powerful new features: On-premise scan engines JIRA integration Scan Activity view Test Your Internal Applications and Reduce Your Risk Web application security testing shouldn’t…

Takeaways from 2017 SANS State of Application Security Survey

The training and research organization SANS recently released their 2017 State of Application Security survey results. The new report proves that now, more than ever, organizations need to invest in solutions that automate application security testing in order to reap benefits like: Identifying security vulnerabilities…

IoT Mobile Application Credential Encryption

Rapid7 IoT Research Lead Deral Heiland offers several of his takeaways from testing IoT mobile applications.…

What's New in AppSpider Pro 7.0?

In the latest release of AppSpider Pro version 7.0 you will find some great new features which will improve the crawling, attack and overall usability of the product. Below are a few of the key new enhancements you will find in the release. Chrome/…

About User Enumeration

User enumeration is when a malicious actor can use brute-force to either guess or confirm valid users in a system. User enumeration is often a web application vulnerability, though it can also be found in any system that requires user authentication. Two of the most…

R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)

Summary Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of Hyundai Blue Link application software, 3.9.4 and 3.9.5 potentially expose sensitive information about registered users and their vehicles, including application usernames,…

Apache Struts Vulnerability (CVE-2017-5638) Protection: Scanning with Nexpose

On March 9th, 2017 we highlighted the availability of a vulnerability check in Nexpose for CVE-2017-5638 – see the full blog post describing the Apache Struts vulnerability here. This check would be performed against the root URI of any HTTP/S endpoints discovered during a…

Bug, Not Alert: How Application Security Must Use Different Words

"Words matter” is something that comes out of my mouth nearly each day. At work it matters how we communicate with each other and the words we use might be the difference between collaboration or confrontation. The same happens with the security world, especially…

AppSpider application security scanning solution deepens support for Single Page Applications - ReactJS

Today, Rapid7 is pleased to announce an AppSpider (application security scanning) update that includes enhanced support for JavaScript Single Page Applications (SPAs) built with ReactJS. This release is significant because SPAs are proliferating rapidly and increasingly creating challenges for security teams. Some of the key…

Honing Your Application Security Chops on DevSecOps

Integrating Application Security with Rapid Delivery Any development shop worth its salt has been honing their chops on DevOps tools and technologies lately, either sharpening an already practiced skill set or brushing up on new tips, tricks, and best practices. In this blog, we'll examine…

Validate Web Application Security Vulnerabilities with AppSpider's New Chrome Plug-In

AppSpider's Interactive Reports Go Chrome We are thrilled to announce a significant reporting enhancement to AppSpider, Rapid7's dynamic application security scanner. AppSpider now has a Chrome Plug-in that enables users to open any report in Chrome and be able to use the real-time vulnerability validation…

RESTful Web Services: Security Testing Made Easy (Finally)

AppSpider's got even more Swagger now! As you may remember, we first launched improved RESTful web services security testing last year. Since that time, you have been able to test the REST APIs that have a Swagger definition file, automatically without capturing proxy traffic. Now,…