5 min
Podcast
Great Barrier Grief: How to Break Through Bottlenecks with Automated AppSec
In our brand-new podcast, Security Nation, Zate Berg of Indeed.com explains how he avoided making his team an engineering bottleneck through automated appsec.
7 min
Application Security
Hidden Helpers: Security-Focused HTTP Headers
This blog includes real-world scenarios in which attackers can manipulate unsecured HTTP headers and how to prevent your organization from falling victim.
4 min
InsightAppSec
How InsightAppSec Can Help You Improve Your Approach to Application Security
In this post, we’ll explore why modern apps require modern testing and how our DAST tool, InsightAppSec, is leading the way with the most sought-after needs for application security teams.
5 min
Application Security
How to Choose the Right Application Security Tool for Your Organization
In this post, we’re taking a look at the various application security testing technologies and how to determine which is best for your organization.
5 min
Application Security
5 Considerations When Creating an Application Security Program
In this blog, we explain how to address application security within your organization and how this translates into building better code.
3 min
Application Security
Single-Page Applications: The Journey So Far
While modern web application technology has made apps more useful, it's also made them harder to secure.
1 min
Application Security
Rapid7 Acquires Leading Web Application Security Provider, tCell
Today, Rapid7 announced the acquisition of tCell, a leading provider of web application threat defense and monitoring. We are so excited to have tCell join the Rapid7 family!
4 min
Application Security
How to Defend Against Magecart Using CSP
In this blog, we explain how you can defend against Magecart credit card skimming attacks by using HTTP's Content Security Policy.
5 min
InsightAppSec
New Features: Rapid7 Launches Public API For InsightAppSec
Rapid7 is pleased to announce the newest addition to your application security toolkit on the Rapid7 Insight platform: the public API in our DAST solution, InsightAppSec.
2 min
Application Security
The Newegg Breach: PCI Means Nothing to Magecart
Both the British Airways and Newegg breaches occurred at sites that followed data security rules but were not protected against attacks like Magecart.
3 min
Application Security
In Our Customers’ Words: Why Mastering Application Security Basics Matters
In a recent conversation with a Rapid7 application security customer, I was
reminded how much of a security practitioner’s day can be consumed by
troubleshooting buggy tools and manually executing the same tasks over and over
again (needlessly, may I add). As much as we’d like to think that security
professionals’ time is being efficiently utilized, oftentimes inadequate tools,
a lack of automation, and organizational silos impede SecOps-driven
[https://www.rapid7.com/solutions/secops/] progress
2 min
Application Security
New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit
Things are always brewing in Rapid7 product development. Today, we’re excited to
announce several exciting new features in InsightAppSec, our cloud-powered
application security testing solution for modern web apps
[https://www.rapid7.com/products/insightappsec/].
These include:
* Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
* PDF report generation
* The Rapid7 AppSec Toolkit
  * Macro Recorder
  * Traffic Viewer
  * RegEx Builder
  * Swagger/Rest API Utilit
4 min
Application Security
3 Ways to Accelerate Web App Security Testing
It used to be that web application security testing
[https://www.rapid7.com/solutions/application-security/] was the job of just the
security team. Today, it is becoming a much more integrative function,
especially for organizations that have adopted DevOps. Development cycles have
become shorter and features are released more frequently for companies to stay
competitive. The trouble is, with shorter development cycles, security needs a way
to keep up. After all, there’s little value in running fast
2 min
InsightAppSec
How to Scan Your Own Application with the InsightAppSec Free Trial
We think this is pretty sweet news. You asked, we built it—now you can scan one
of your own applications with an InsightAppSec trial!
But before you start scanning your own application with the InsightAppSec free
trial [https://www.rapid7.com/try/insightappsec], you’ll need to validate your
application’s domain. This requires adding a custom-generated meta tag to your
application’s root path.
Let’s get started.
When adding your app to the InsightAppSec free trial, you’ll be given an option
to
2 min
InsightAppSec
Making the Dream Work: Teaming with Dev for Safer Production Apps
So you’ve read the reports outlining how important it is for developers and
security teams to work together to build web applications quickly and securely
[https://information.rapid7.com/sans-state-of-application-security-2017-report.html],
you’ve scoured the web and have researched the importance of building a web
application program at your organization
[https://www.rapid7.com/solutions/application-security/], perhaps even watched
some videos talking about the evolution of web applications an