Rapid7 Blog

AppSpider  

What's New in AppSpider Pro 7.0?

In the latest release of AppSpider Pro version 7.0 you will find some great new features which will improve the crawling, attack and overall usability of the product. Below are a few of the key new enhancements you will find in the release. Chrome/…

Protecting Your Web Apps with AppSpider Defend Until They Can Be Patched

AppSpider scans can detect exploitable vulnerabilities in your applications, but once these vulnerabilities are detected how long does it take your development teams to create code fixes for them? In some cases it could take several days to weeks before a fix/patch to…

Multiple Vulnerabilities Affecting Four Rapid7 Products

Today, we'd like to announce eight vulnerabilities that affect four Rapid7 products, as described in the table below. While all of these issues are relatively low severity, we want to make sure that our customers have all the information they need to make informed security…

Finalists in FIVE categories at the Network Computing Awards!

Ring Ring! You're in the Final! It's always nice to get a phone call letting us know that we've been shortlisted for awards – but when it's five awards, we like those calls even more! Two of our products, and our company have reached the final…

Bug, Not Alert: How Application Security Must Use Different Words

"Words matter" is something that comes out of my mouth nearly each day. At work it matters how we communicate with each other and the words we use might be the difference between collaboration or confrontation. The same happens with the security world, especially…

UNITED 2016: Want to share your experience?

Key trends. Expert advice. The latest techniques and technology. UNITED 2016 is created from the ground up to provide the insight you need to drive your security program forward, faster. This year, we're also hoping you can provide us with the insight we need to…

Web Application Security Testing: Single Page Applications Built with JavaScript Frameworks

In recent years, more and more applications are being built on popular new JavaScript frameworks like ReactJS and AngularJS. As is often the case with new application technologies, these frameworks have created an innovation gap for most application security scanning solutions and an acute set…

AppSpider application security scanning solution deepens support for Single Page Applications - ReactJS

Today, Rapid7 is pleased to announce an AppSpider (application security scanning) update that includes enhanced support for JavaScript Single Page Applications (SPAs) built with ReactJS. This release is significant because SPAs are proliferating rapidly and increasingly creating challenges for security teams. Some of the key…

Validate Web Application Security Vulnerabilities with AppSpider's New Chrome Plug-In

AppSpider's Interactive Reports Go Chrome We are thrilled to announce a significant reporting enhancement to AppSpider, Rapid7's dynamic application security scanner. AppSpider now has a Chrome Plug-in that enables users to open any report in Chrome and be able to use the real-time vulnerability validation…

RESTful Web Services: Security Testing Made Easy (Finally)

AppSpider's got even more Swagger now! As you may remember, we first launched improved RESTful web services security testing last year. Since that time, you have been able to test the REST APIs that have a Swagger definition file, automatically without capturing proxy traffic. Now,…

Lessons Learned in Web Application Security from the 2016 DBIR

We spent last week hearing from experts around the globe discussing what web application security insights we have gotten from Verizon's 2016 Data Breach Investigations Report. Thank you, Verizon, and all of your partners for giving us a lot to think about! We also polled…

Social Attacks in Web App Hacking - Investigating Findings of the DBIR

This is a guest post from Shay Chen, an Information Security Researcher, Analyst, Tool Author and Speaker. The guy behind TECAPI, WAVSEP and WAFEP benchmarks. Are social attacks that much easier to use, or is it the technology gap of exploitation engines that make social…

2016 DBIR & Application Security: Let's Get Back to the Basics Folks

This is a guest post from Tom Brennan, Owner of ProactiveRISK and serving on the Global Board of Directors for the OWASP Foundation. In reading this year's Verizon Data Breach Investigations Report, one thing came to mind: we need to get back to the basics.…

3 Web App Sec-ian Takeaways From the 2016 DBIR

This year's 2016 Verizon Data Breach Report was a great read. As I spend my days exploring web application security, the report provided a lot of great insight into the space that I often frequent. Lately, I have been researching out of band and second…

The 2016 Verizon Data Breach Investigations Report (DBIR) - A Web Application Security Perspective

The 2016 Verizon Data Breach Investigations Report (DBIR) is out and everyone is poring over the report to see what new insights we can take from last year's incidents and breaches. We have not only created this post to look at some primary application security…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.


Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.


Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee-deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.
