Rapid7 Blog

AppSpider  

Modern Applications Require Modern Dynamic Application Security Testing (DAST) Solutions

Is your Dynamic Application Security Testing (DAST) solution leaving you exposed? We all know the story of the Emperor's New Clothes. A dapper Emperor is convinced by a tailor that he has the most incredible set of clothes that are only visible to the wise.…

AppSpider's Got Swagger: The first end-to-end security testing for REST APIs

We are thrilled to announce a major new innovation in application security testing. AppSpider is the first Dynamic Application Security Testing (DAST) solution capable of testing Swagger-enabled APIs. Swagger is one of the most popular frameworks for building APIs and the ability to test Swagger-enabled…

Why SQL Injection Vulnerabilities Still Exist: 8 Reasons Developer's Can't Eliminate Them

Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it comes to writing secure code, many of which are out of the developers' direct control. That's why common vulnerabilities like…

Mobile application security: Lock the back door!

Mobile application security A few years ago, Sean Gallagher wrote this article that we believe outlines one of the most important areas of application security risk today, mobile application security. In his article for Ars Technica, “Mobile Application Security: Always Keep the Back Door Locked,…

Mobile Application Security: Think Twice Before Placing Football Bets

[A version of this blog was originally posted on September 25, 2013]Have you heard about the vulnerability in the Yahoo! Fantasy Football app? If Knowshon Moreno's performance on Monday against the Oakland Raiders got you down, you might want to read this warning to…

3 Tips for Finding the Best Website Security Scanner

[A version of this blog was originally posted on July 16, 2013] While it takes some work to find the best website security scanner for your organization, if you follow these three simple guidelines, you'll be off to a good start. Although accurate automated application…

3 Big Trends in Application Security

[A version of this blog was originally posted on July 18, 2013] With application security it seems there is never a dull moment. Different facets of web security continue to evolve from the hackers and the hacks to the techniques we use to combat them.…

Fix Security Defects Earlier with AppSpider and Selenium Integration

[A version of this blog was originally posted on September, 24 2014] It's a well-known fact that it costs less to fix security defects earlier in the software development lifecycle than later. But because most security professionals are experts in security and less familiar with…

5 Must-Haves for Modern Application Security Scanners

Dynamic Application Security Testing (DAST) solutions have been around for over a decade, so you might think the market is static. But, that's hardly the case. Web applications and malicious hackers continue to evolve and DAST solutions need to keep pace. According to Gartner, DAST…

Top 10 Business Logic Attack Vectors

I thought I'd take a moment to dig a little deeper on our whitepaper titled “Top 10 Business Logic Attack Vectors."Why did we write this paper?Business logic vulnerabilities are not new, but these vulnerabilities are common, dangerous and are too often untested.…

7 Deadly Sins: Unlock the Gates of Mobile Hacking Heaven

I've spent the past year hacking mobile applications in an effort to uncover the most common security mistakes made during development. I found that most of the problems are related to session management – the process of authenticating the user and ensuring an attacker isn't impersonating…

Security Testing Complex Workflows, Not So Complex Anymore

Conducting web application security testing for complex workflows can be a real pain. In order to find vulnerabilities, valid test data must be passed through exactly as the workflow prescribes. Most web application security testing scanners aren't up for the job, so security testers must…

7 Ways to Improve the Accuracy of your Application Security Tests

For more than 10 years, application security testing has been a common practice to identify and remediate vulnerabilities in their web applications. While, it's difficult to figure out the best web security software for your organization, there are seven key techniques that not only increase…

Modernize Your Application Security Scanning in Four Easy Steps

You've built modern mobile and rich internet applications (RIAs) that are sure to improve your business' next major revenue stream. Conscious of security, you've ensured that the native application authenticates to the server, and you've run the app through a web application security scanner to…

7 Things About Dan Kuykendall

Hello! I'm Dan Kuykendall. Since I'm new to the Rapid7 family, I thought I'd take a moment to introduce myself with 7 factoids about me: I'm not a geek, or a nerd—but a neek: Some people might think of me as a nerd, but…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now