Rapid7 Blog

AppSpider  

How DevOps Can Use Quality Gates for Security Checks

Your team has been working at all hours to put the final touches on code for a new big feature release. All the specs are in, the feature works as expected, and the code is pushed to production. A few hours later, the daily security…

Getting your Spidey on with Mobile Apps

As web applications continue to proliferate in the attack surface and more people make protecting them a priority, there is also a shift in the definition of a “web application,” and how we understand their potential vulnerabilities. A perfect illustration? OWASP finally incorporating APIs in…

3 Ways to Accelerate Web App Security Testing

It used to be that web application security testing was the job of just the security team. Today, it is becoming a much more integrative function, especially for organizations who have adopted DevOps. Development cycles have become shorter and features are released more frequently for…

What's New in AppSpider Pro 7.0?

In the latest release of AppSpider Pro version 7.0 you will find some great new features which will improve the crawling, attack and overall usability of the product. Below are a few of the key new enhancements you will find in the release. Chrome/…

Protecting Your Web Apps with AppSpider Defend Until They Can Be Patched

AppSpider scans can detect exploitable vulnerabilities in your applications, but once these vulnerabilities are detected how long does it take your development teams to create code fixes for them? In some cases it could take several days to weeks before a fix/patch to…

Multiple Vulnerabilities Affecting Four Rapid7 Products

Today, we'd like to announce eight vulnerabilities that affect four Rapid7 products, as described in the table below. While all of these issues are relatively low severity, we want to make sure that our customers have all the information they need to make informed security…

Finalists in FIVE categories at the Network Computing Awards!

Ring Ring! You're in the Final! It's always nice to get a phone call letting us know that we've been shortlisted for awards – but when it's five awards, we like those calls even more! Two of our products, and our company have reached the final…

Bug, Not Alert: How Application Security Must Use Different Words

“Words matter” is something that comes out of my mouth nearly each day. At work it matters how we communicate with each other and the words we use might be the difference between collaboration or confrontation. The same happens with the security world, especially…

UNITED 2016: Want to share your experience?

Key trends. Expert advice. The latest techniques and technology. UNITED 2016 is created from the ground up to provide the insight you need to drive your security program forward, faster. This year, we're also hoping you can provide us with the insight we need to…

Web Application Security Testing: Single Page Applications Built with JavaScript Frameworks

In recent years, more and more applications are being built on popular new JavaScript frameworks like ReactJS and AngularJS. As is often the case with new application technologies, these frameworks have created an innovation gap for most application security scanning solutions and an acute set…

AppSpider application security scanning solution deepens support for Single Page Applications - ReactJS

Today, Rapid7 is pleased to announce an AppSpider (application security scanning) update that includes enhanced support for JavaScript Single Page Applications (SPAs) built with ReactJS. This release is significant because SPAs are proliferating rapidly and increasingly creating challenges for security teams. Some of the key…

Validate Web Application Security Vulnerabilities with AppSpider's New Chrome Plug-In

AppSpider's Interactive Reports Go Chrome. We are thrilled to announce a significant reporting enhancement to AppSpider, Rapid7's dynamic application security scanner. AppSpider now has a Chrome Plug-in that enables users to open any report in Chrome and be able to use the real-time vulnerability validation…

RESTful Web Services: Security Testing Made Easy (Finally)

AppSpider's got even more Swagger now! As you may remember, we first launched improved RESTful web services security testing last year. Since that time, you have been able to test the REST APIs that have a Swagger definition file, automatically without capturing proxy traffic. Now,…

Lessons Learned in Web Application Security from the 2016 DBIR

We spent last week hearing from experts around the globe discussing what web application security insights we have gotten from Verizon's 2016 Data Breach Investigations Report. Thank you, Verizon, and all of your partners for giving us a lot to think about! We also polled…

Social Attacks in Web App Hacking - Investigating Findings of the DBIR

This is a guest post from Shay Chen, an Information Security Researcher, Analyst, Tool Author and Speaker. The guy behind TECAPI, WAVSEP and WAFEP benchmarks. Are social attacks that much easier to use, or is it the technology gap of exploitation engines that make social…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.


Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.


Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.
