Rapid7 Launches Worldwide Center Of Excellence For Web Security And Kicks Off Initiative With W3AF Sponsorship And Partnership

Vulnerability Management Leader Expands Collaboration with Open Source Community; w3af Founder Andrés Riancho Joins Rapid7 as Director of Web Security

BOSTON, Mass. – July 28, 2010 – Rapid7®, the leading provider of unified vulnerability management and penetration testing solutions, today launched the Worldwide Center of Excellence (COE) for Web security, an initiative to expand Rapid7's collaboration with the open source community and further provide the industry with solutions for securing Web and application infrastructure.  As part of the initiative, Rapid7 is sponsoring and partnering with w3af, the open source Web application attack and audit framework, and welcomes w3af founder Andrés Riancho as Rapid7 director of Web security and leader of the program.

Web application attacks are increasing each day and companies of all sizes are demanding solutions to protect their infrastructure from threats including cross-site scripting, injection flaws, and broken authentication and session management.  With that in mind, Rapid7 has continued its vision and expansion of its flagship product Nexpose® to create broad security best practices for organizations securing their networks, operating systems, databases and Web applications.  The Worldwide COE will start with the w3af collaboration to enable the Company to expand its current Web application security research and development, recently recognized by Forrester Research, Inc. for its industry-only scanning capabilities that address AJAX and Web 2.0 technologies.*

"Rapid7 remains firmly committed to driving change in the security industry and believes that open source development is one of the keys to proactive security.  It is critical for our industry to support current projects and to encourage the start of new ones.  For our part, we're dedicated to the Metasploit Framework and w3af, and our researchers have continued to work with projects like BackTrack LiveCD and BeEF," said Mike Tuchen, Rapid7 president and CEO.  "Given the pace of security innovations, proprietary software development models are doomed to a perpetual game of catch-up if they operate in isolation.  Collaborating with the security community at large is the only way our industry can truly keep pace with the continuous change in today's threat landscape."

Currently, Nexpose is the only vulnerability management system that provides Web application scanning with capabilities for AJAX and Web 2.0 technologies.  As part of the partnership with w3af, Rapid7 will enhance its commercial offerings, already considered best-in-class, by improving Nexpose's Web application security scanning performance and providing further enhancements in scan accuracy, the detection of a broader scope of vulnerabilities and superior support for widely used client-side technologies.

With its sponsorship and commitment to the w3af community, Rapid7 will contribute full-time developers who will accelerate the project's impact in the community by furthering development output, expanding quality assurance efforts, implementing best practices and increasing community outreach.  Riancho will devote additional time to designing the heuristics and algorithms required to maintain the framework as a world-class Web application security solution.  The w3af license and its copyrights will remain the same.

"Since its inception, w3af has been used extensively by penetration testers and security consultants, and has advanced considerably as a result of the community.  Rapid7's Worldwide COE and its sponsorship and partnership with w3af will further that growth, similar to the advancements of the Metasploit project since Rapid7's acquisition in October 2009," said Andrés Riancho, w3af founder and Rapid7 director of Web security.  "There is tangible evidence of the benefit of collaboration between community projects and commercial vendors, and I'm excited to join a company with an unwavering commitment to security research and the community that is unlike others in the market."

Rapid7 Nexpose identifies vulnerabilities across networks, operating systems, databases, Web applications and a wide range of system platforms through an integrated, intelligent scan engine.  As a unified vulnerability management product, Nexpose prioritizes vulnerabilities using exploit risk scoring and asset criticality ratings.  As a result of its collaboration with Metasploit, Rapid7 enhanced its offerings with Exploit Exposure™ to provide additional insight into the breach paths for vulnerabilities identified across multiple threat vectors and is the only vulnerability management solution to use proprietary and publicly available exploit intelligence to perform risk classification.  Rapid7 has also introduced Metasploit Express™, an affordable, easy-to-use penetration testing solution powered by Metasploit.

"The addition of the skills, knowledge and abilities from w3af will further widen the gap between Rapid7 technologies and the rest of the pack.  As with the Metasploit collaboration, the addition of this skill set raises the bar for competitors to deliver more value to their customers or lag behind in their capabilities," said Corey Thomas, Rapid7 executive vice president of sales, marketing and services.  "World-class security research is a highly specialized skill and Rapid7 now has three centers of research excellence working together to provide proactive threat management to our customers and community user base."

Since the acquisition of Metasploit, Rapid7 and the Metasploit team have released five versions of the Metasploit Framework, which is five times the annual rate prior to the acquisition.  In the first half of 2010, the Metasploit Framework was downloaded or updated by over 740,000 unique individuals, nearly double the number of participants in the second half of 2009.  This growth added to the success of other community-based products, like the Nexpose Community Edition, a free single-use vulnerability management product that includes out-of-the-box integration with the Metasploit Framework.

*Forrester Research, Inc. "The Forrester Wave: Vulnerability Management, Q2 2010" report

About Rapid7

Rapid7 is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries worldwide, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.
