2007 Press Releases

PDF Version

Rapid7 Updates Industry Leading Network, Web and Web 2.0 Application Vulnerability Scanning Solution

Rapid7 is First to Deliver a Vulnerability Scanning Solution That Analyzes Web Application and Web 2.0 Vulnerabilities in JavaScript and AJAX

Boston - November 14, 2007, the leading provider of Unified Vulnerability Management (UVM) solutions for large enterprise deployments and small to medium businesses, today announces the availability of the latest version of Rapid7 Nexpose. Nexpose 4.6 enhances Rapid7's industry leading web application scanning and network vulnerability assessment solution and allows organization to scan entire networks and take full advantage of their Web applications.

Security experts agree as more and more organizations develop Web and Web 2.0 applications, vulnerabilities and exploits will increase exponentially. To mitigate the risk, many businesses turn to Web Application scanners. However, Web application scanners struggle to recognize and uncover vulnerabilities in new functionality such as JavaScript, AJAX, Flash Flex, ActionScript, ASP.NET 2.0 (Atlas) and .NET 3.0.

According to Gartner in Web 2.0 Needs Security by John Pescatore, "The dynamic and distributed nature of Web 2.0 applications means that some new approaches will be required to maintain the necessary level of business strength security. Vulnerability assessment techniques will need to be extended to deal with client-side executables and service-oriented architectures."

In 2006, Rapid7 developed Browser Emulation Scanning Technology (BEST) for scanning Web and Web 2.0 applications for vulnerabilities in JavaScript code. With BEST, Rapid7 takes Nexpose's robust, automatic Web spidering and analysis capabilities to the next level, and is the first to provide a vulnerability scanning solution that analyzes JavaScript, AJAX and Flash applications in testing, quality assurance, deployment and ongoing management.

Rapid7 developed BEST in response to the increased use of Asynchronous JavaScript and XML (AJAX) for dynamic Web programming, which makes Web sites and applications vulnerable to Document Object Model or DOM-based cross-site scripting (XSS) and other risks. DOM-based XSS allows an attacker to trick a Web application into emitting malicious JavaScript or HTML code that appears to come from the application when it runs in the browser of an unsuspecting user.

"With version 4.6, Nexpose allows organizations to leverage their investment in Web applications and secure their entire network," states Alan Matthews, president of Rapid7 LLC. "Web applications, including Web 2.0, consist of many moving parts such as databases, operating systems and third-party applications. At Rapid7, we understand that customers require a solution like Nexpose that provides optimal web scanning and is completely integrated with network vulnerability management".

Nexpose 4.6 includes the following new and enhanced features:

  • Browser Emulation Scanning Technology (BEST) Client-side scanning of Web applications for vulnerabilities in JavaScript, AJAX, Flash, Flex, ActionScript, ASP.NET 2.0 (Atlas) and .NET 3.0.
  • Web Application Pass-Through Scanning Unlike other scanners that stop when they find a vulnerability, Nexpose passes through the initial vulnerability to scan for deeper vulnerabilities.
  • Web-Spidering Technology - Nexpose 4.6 increases scalability and performance.
  • Batched Scanning – Reduces scan times and allows customers to target specific and mission critical addresses.
  • Content Scanning Customers can scan applications for specific content such as credit card and social security numbers.

First introduced in 2001, Rapid7’s Nexpose scans Web server applications, databases, operating systems, and network devices to locate threats, assess their risk to the environment, devise a remediation plan and implement the ticketing process. Nexpose incorporates an expert system to build a knowledge base of facts on the environment it is exploring and model potential targeted attacks to expose all existing threats. Nexpose provides reporting capabilities that ensure compliance with governmental regulations and corporate security configuration policies. Nexpose PCI Compliance services meet the security scanning requirements of the MasterCard Site Data Protection (SDP) Program.

About Rapid7

Rapid7 is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries worldwide, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

Awards
Rapid7 named a Most admired Startup company by Boston Business Journal SC Magazine Finalist Deloitte Fast 500 Award Logo ASC Award inc500 Award Logo 2009 Redherring Winner Logo 2009 Best Prodcuts Logo 2009 Tomorrow Tech Logo 2009 GPE Awrads Logo Finalist Hot Companies 2009 Logo Rapid7 Star100 Revised Graphic SC Award Nominee 2008 Nominee 2008 Global Exeellence SC Awards 2007 Finalist Hot Companies of 2007 Customer Trust Logo Hot Company 2006 Logo SC 2006 Awards Winner
Most Read
Most Downloaded
Press Releases