Last updated at Wed, 28 Feb 2018 18:07:32 GMT

We think this is pretty sweet news. You asked, we built it—now you can scan one of your own applications with an InsightAppSec trial!

But before you start scanning your own application with the InsightAppSec free trial, you’ll need to validate your application’s domain. This requires adding a custom-generated meta tag to your application’s root path.

Let’s get started.

When adding your app to the InsightAppSec free trial, you’ll be given an option to “Scan my own domain”:

After selecting this option and entering some basic information about your app, you’ll be asked to validate the domain:

This custom-generated meta tag will need to be added below the < head > tag in the HTML code of your application’s base path.

If you or your team does not have access to the source code for the target application you want to scan with the InsightAppSec free trial, below is a handy email template you can use to get buy-in from your application’s owner:

Hello <Insert App Owner’s Name Here>,

Web application attacks continue to be the #1 source of breaches according to the Verizon DBIR report from the past couple of years.

In an effort to improve our application security posture, I’m currently assessing Rapid7’s Dynamic Application Security Testing (DAST) tool, InsightAppSec. InsightAppSec can automatically crawl and test web applications to check for vulnerabilities like SQL Injection, XSS, CSRF, and many more.

I can configure the scan to minimize impact to our application users by scheduling the scan to run during a maintenance window, or when fewer users are on the app. The time it takes the scan to run can vary, based on how the scan is configured and the size of the application. Please let me know when would be an appropriate window of time (estimated 2-3 hours) when the scan can take place.

I’d like to scan our application at: < Enter URL to application here >, and will need your assistance for this assessment.

The following HTML meta tag will need to be added below the < head > tag in the HTML code at the base path of the application so InsightAppSec can validate that we own the application:

< Enter meta tag from InsightAppSec here >

Please let me know if you have any questions, and I appreciate your help in our efforts to improve our organization’s security!

Regards,
< Your name here >

Now back to us: After InsightAppSec checks your application for the validation meta tag, you’ll be all set to start scanning your application and get visibility into your potential security risks!

If you have any questions or need help with this process, don’t hesitate to contact us. Get started with a free 30-day trial of InsightAppSec today.