Rapid7 Updates Industry Leading Network, Web and Web 2.0 Application Vulnerability Scanning Solution

Rapid7 is First to Deliver a Vulnerability Scanning Solution That Analyzes Web Application and Web 2.0 Vulnerabilities in JavaScript and AJAX

Boston - November 14, 2007 - Rapid7, the leading provider of Unified Vulnerability Management (UVM) solutions for large enterprise deployments and small to medium businesses, today announces the availability of the latest version of Rapid7 NeXpose. NeXpose 4.6 enhances Rapid7's industry leading web application scanning and network vulnerability assessment solution and allows organizations to scan entire networks and take full advantage of their Web applications.

Security experts agree that as more and more organizations develop Web and Web 2.0 applications, vulnerabilities and exploits will increase exponentially. To mitigate the risk, many businesses turn to Web application scanners. However, Web application scanners struggle to recognize and uncover vulnerabilities in new functionality such as JavaScript, AJAX, Flash, Flex, ActionScript, ASP.NET 2.0 (Atlas) and .NET 3.0.

According to Gartner in Web 2.0 Needs Security by John Pescatore, "The dynamic and distributed nature of Web 2.0 applications means that some new approaches will be required to maintain the necessary level of business strength security. Vulnerability assessment techniques will need to be extended to deal with client-side executables and service-oriented architectures."

In 2006, Rapid7 developed Browser Emulation Scanning Technology (BEST) for scanning Web and Web 2.0 applications for vulnerabilities in JavaScript code. With BEST, Rapid7 takes NeXpose's robust, automatic Web spidering and analysis capabilities to the next level, and is the first to provide a vulnerability scanning solution that analyzes JavaScript, AJAX and Flash applications in testing, quality assurance, deployment and ongoing management.

Rapid7 developed BEST in response to the increased use of Asynchronous JavaScript and XML (AJAX) for dynamic Web programming, which makes Web sites and applications vulnerable to Document Object Model or DOM-based cross-site scripting (XSS) and other risks. DOM-based XSS allows an attacker to trick a Web application into emitting malicious JavaScript or HTML code that appears to come from the application when it runs in the browser of an unsuspecting user.

"With version 4.6, NeXpose allows organizations to leverage their investment in Web applications and secure their entire network," states Alan Matthews, president of Rapid7 LLC. "Web applications, including Web 2.0, consist of many moving parts such as databases, operating systems and third-party applications. At Rapid7, we understand that customers require a solution like NeXpose that provides optimal web scanning and is completely integrated with network vulnerability management."

NeXpose 4.6 includes the following new and enhanced features:

  • Browser Emulation Scanning Technology (BEST) – Client-side scanning of Web applications for vulnerabilities in JavaScript, AJAX, Flash, Flex, ActionScript, ASP.NET 2.0 (Atlas) and .NET 3.0.
  • Web Application Pass-Through Scanning – Unlike other scanners that stop when they find a vulnerability, NeXpose passes through the initial vulnerability to scan for deeper vulnerabilities.
  • Web-Spidering Technology – NeXpose 4.6 increases scalability and performance.
  • Batched Scanning – Reduces scan times and allows customers to target specific and mission-critical addresses.
  • Content Scanning – Customers can scan applications for specific content such as credit card and social security numbers.

First introduced in 2001, Rapid7’s NeXpose scans Web server applications, databases, operating systems, and network devices to locate threats, assess their risk to the environment, devise a remediation plan and implement the ticketing process. NeXpose incorporates an expert system to build a knowledge base of facts on the environment it is exploring and model potential targeted attacks to expose all existing threats. NeXpose provides reporting capabilities that ensure compliance with governmental regulations and corporate security configuration policies. NeXpose PCI Compliance services meet the security scanning requirements of the MasterCard Site Data Protection (SDP) Program.

About Rapid7

Rapid7 is the leading provider of unified vulnerability management, compliance, and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, Southern Company, the United States Postal Service, the New York Times, Carnegie Mellon University and the National Nuclear Security Administration (NNSA) to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC. Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits. For more information, visit www.rapid7.com.
