2 min
Compliance
The British Airways Breach: PCI is Not Enough
Magecart's techniques are sophisticated and worth understanding in detail, especially because they point out a major gap that occurs even with perfect PCI compliance.
3 min
InsightIDR
Detecting Inbound RDP Activity From External Clients
Today, we discuss how to detect inbound RDP activity from external clients.
4 min
Threat Intel
Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
The final section of Kim Zetter's “Countdown to Zero Day”pulls together the many factors that are present in attacks such as Stuxnet.
4 min
Do You Know Your AppSec ROI?
This blog was previously published on blog.tcell.io.
This week has been a pretty interesting week in breaches. With the recent news
of Magecart being the attacker of both Ticketmaster and British Airlines, you
can't help but wonder why companies aren't learning from each other so they
aren't faulted for the same vulnerabilities. The answer in most cases is that
they don’t have the resources available to stay ahead of these attacks. Security
has traditionally been seen as a cost center, but with
5 min
Serverless and the OWASP Top 10
This blog was previously published on blog.tcell.io.
This post kicks off a series we’re doing on serverless security, since it’s one
of the hot trends in application development. Over the next several weeks, I’ll
be writing about what serverless is, what types of applications benefit from it,
and the security considerations you might have when building your application on
bleeding-edge technology.
Serverless model
Serverless computing, sometimes called “Function as a Service” (FaaS), lets you
3 min
5 Ways RASP Will Make Your Pentest Painless
This blog was previously published on blog.tcell.io.
Regardless of the size of company you work for, penetration testing is a
cornerstone of an application security strategy, especially for companies that
need to satisfy certain compliance certifications, such as SOC 2 and PCI DSS.
Pen testing is a simulated attack against your web applications or a traditional
WAF [https://www.rapid7.com/fundamentals/web-application-firewalls/]. By using a
controlled attack plan coupled with runtime applicati
4 min
Cross-Site Scripting (XSS) Can Steal Payment Information from Payment Processors
This blog was previously published on blog.tcell.io.
Just because your payment processor has PCI Level 1 doesn't mean you can ignore
cross-site scripting (XSS)
[https://www.rapid7.com/fundamentals/cross-site-scripting/]. If you handle
money, you process credit cards (since it's pretty hard to email cash). To
prevent fraud, the card industry has created the PCI Data Security Standard
[https://www.pcisecuritystandards.org]. So, if you're processing cards, you'll
be safe if you follow the specifi
3 min
What's Going on in Production Application Security 2018
Today, we released theSecurity Report for Web Applications
[http://bit.ly/2nZCS7r](Q2 2018) which identified key threats in real-world web
application traffic in the Amazon Web Services (AWS) and Azure cloud ecosystems.
In evaluating 316 million incidents, it is clear that attacks against the
application are growing in volume and sophistication, and as such, continue to
be a major threat to business.
The majority of web application attacks are the result of overall scanning for
vulnerabilitie
2 min
Analysis of the Ticketmaster Breach
This blog was previously published on blog.tcell.io.
Although there have been a number of breaches in the past few weeks, the story
around the breach at Ticketmaster
[https://www.darkreading.com/attacks-breaches/ticketmaster-breach-part-of-massive-payment-card-hacking-campaign/d/d-id/1332266]
is more interesting than most. It combines sophisticated web design, reusable
components, the security model of the web browser, and even a dash of payment
regulations.
The breach itself is interesting b
5 min
CIS Controls
CIS Critical Security Control 18: Breaking Down the Control Chaos of Application Software Security
Application software security (Critical Control 18) may seem overwhelming, but when upheld, it can make your SDLC wishes and SecOps dreams come true.
2 min
Beyond RASP Security
The bad news: 100 percent of web applications are vulnerable. It’s not a typo:
100 percent of web applications contain at least one vulnerability — on average,
apps have 11 potential weak points.
So, it’s no surprise that organizations are leveraging tools that empower
applications to take defensive action without the need for direct IT
involvement. Known as RASP (runtime application self-protection)
[https://www.rapid7.com/fundamentals/runtime-application-self-protection/] — and
hence the a
2 min
Incident Detection
MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis
Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic
13 min
Your Black Hat 2018 Survival Guide
Our security team knows a thing or two about conquering a conference – making
the most out of the day and night. So the team got together to share their
personal recommendations on things to do and things to know in this handy Black
Hat 2018 Survival Guide.
We’ve got you covered on all things Black Hat.
* Getting Around – Monorail, shuttle services, and hotels
* Where to Party – The full list of official and unofficial parties
* Recoup and Recover – There are a ton of spots to escape the c
2 min
InsightIDR
How to detect SMBv1 scanning and SMBv1 established connections
How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
3 min
What the Heck is Drive-By Cryptomining?
It sounds like a cross between a slightly terrifying violent gang activity and a
silly metaphor for drugery.Actually, that’s about right.
Let’s start with the cryptomining part. For the uninitiated, Cryptomining
[https://www.rapid7.com/blog/post/2018/02/13/coinhive-making-other-peoples-web-browsers-mine-cryptocurrency/]
is the process of doing computing work to earn cryptocurrency.
The basis of cryptocurrency is a shared cryptographic ledger. You need a lot of
computing power to process the