13 min
DAST
Unlocking the Power of Macro Authentication in Application Security: Part Two
In this post, we will review how to understand these error messages and what steps to take to get our authentication macro working.
7 min
InsightAppSec
Unlocking the Power of Macro Authentication: Part One
In this blog post, we will review how various components of a macro work and what to keep in mind when recording a macro for authentication.
3 min
Application Security
In Our Customers’ Words: Why Mastering Application Security Basics Matters
In a recent conversation with a Rapid7 application security customer, I was
reminded how much of a security practitioner’s day can be consumed by
troubleshooting buggy tools and manually executing the same tasks over and over
again (needlessly, may I add). As much as we’d like to think that security
professionals’ time is being efficiently utilized, oftentimes inadequate tools,
a lack of automation, and organizational silos impede SecOps-driven
[https://www.rapid7.com/solutions/secops/] progress
2 min
Application Security
New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit
Things are always brewing in Rapid7 product development. Today, we’re excited to
announce several exciting new features in InsightAppSec, our cloud-powered
application security testing solution for modern web apps
[https://www.rapid7.com/products/insightappsec/].
These include:
* Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
* PDF report generation
* The Rapid7 AppSec Toolkit * Macro Recorder
* Traffic Viewer
* RegEx Builder
* Swagger/Rest API Utilit
4 min
DevOps
How DevOps Can Use Quality Gates for Security Checks
Your team has been working at all hours to put the final touches on code for a
new big feature release. All the specs are in, the feature works as expected,
and the code is pushed to production. A few hours later, the daily security scan
runs and the alerts start piling in. What went wrong? And what do you do now?
Typically when this happens, it means rolling back the entire deployment,
retroactively fixing the bugs and vulnerabilities in the code, and a week or two
later, re-deploying. If you’
4 min
Application Security
3 Ways to Accelerate Web App Security Testing
It used to be that web application security testing
[https://www.rapid7.com/solutions/application-security/] was the job of just the
security team. Today, it is becoming a much more integrative function,
especially for organizations who have adopted DevOps. Development cycles have
become shorter and features are released more frequently for companies to stay
competitive. Trouble is, with shorter development cycles, security needs a way
to keep up. After all, there’s little value in running fast
4 min
Application Security
AppSpider application security scanning solution deepens support for Single Page Applications - ReactJS
Today, Rapid7 is pleased to announce an AppSpider (application security
scanning) update that includes enhanced support for JavaScript Single Page
Applications (SPAs) built with ReactJS. This release is significant because SPAs
are proliferating rapidly and increasingly creating challenges for security
teams. Some of the key challenges with securing SPA's are:
1. Diverse frameworks - The diversity and number of JavaScript frameworks
contributes to the complexity in finding adequate scan co
3 min
AppSpider
RESTful Web Services: Security Testing Made Easy (Finally)
AppSpider's got even more Swagger now!
As you may remember, we first launched improved RESTful web services security
testing
[/2015/12/17/appspider-s-got-swagger-the-first-end-to-end-security-testing-for-rest-apis]
last year. Since that time, you have been able to test the REST APIs that have
a Swagger definition file, automatically without capturing proxy traffic. Now,
we have expanded upon that functionality so that AppSpider can automatically
discover Swagger definition files as part of the
6 min
API
AppSpider's Got Swagger: The first end-to-end security testing for REST APIs
We are thrilled to announce a major new innovation in application security
testing. AppSpider is the first Dynamic Application Security Testing (DAST)
solution capable of testing Swagger-enabled APIs. Swagger is one of the most
popular frameworks for building APIs and the ability to test Swagger-enabled
APIs is not only a huge time savings for application security testing experts,
but also enables Rapid7 customers to more rapidly reduce risk.
Why does this matter?
Modern applications make liber
3 min
AppSpider
Mobile application security: Lock the back door!
Mobile application security
A few years ago, Sean Gallagher wrote this article that we believe outlines one
of the most important areas of application security risk today, mobile
application security. In his article for Ars Technica, “Mobile Application
Security: Always Keep the Back Door Locked,” Gallagher outlines that its
important to address mobile application security because many of the mobile
applications we use today access backend middleware and corporate data sources.
We have email app