• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Unified Vulnerability Management
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
  • Security Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Management
• Customers
• Partners
• Press Room
• Events
• Contact
• Careers

PR Contact

Beth Bryant
BBWrites Strategic Communications
(508) 786-3013
Email Press Contact

• PDF format

Rapid7 Introduces Browser Emulation Scanning Technology (BEST) for Detecting JavaScript Code Vulnerabilities in Web Applications

Rapid7 is First to Deliver a Vulnerability Scanning Solution That Analyzes Code in Deployed Web Applications

Boston - November 15, 2006 - Rapid7, provider of the award-winning NeXpose enterprise vulnerability management solution, today introduces Browser Emulation Scanning Technology (BEST) for scanning Web applications for vulnerabilities in JavaScript code. With BEST, Rapid7 takes NeXpose's robust, automatic Web spidering and analysis capabilities to the next level, and is the first to provide a vulnerability scanning solution that analyzes JavaScript code in deployed, running Web applications.

Rapid7 developed BEST in response to the increased use of Asynchronous JavaScript and XML (AJAX) for dynamic Web programming, which makes Web sites and applications vulnerable to Document Object Model or DOM-based cross-site scripting (XSS) and other risks. DOM-based XSS allows an attacker to trick a Web application into emitting malicious JavaScript or HTML code that appears to come from the application when it runs in the browser of an unsuspecting user.

NeXpose thinks like the browser and performs static analyses of the JavaScript code embedded in Web applications. As a result, NeXpose uncovers exposures not found by other vulnerability assessment solutions, which only scan for vulnerabilities at the server and application levels.

"With the explosion of AJAX for developing interactive Web applications, there is more complex, rich-client functionality via JavaScript, which creates further opportunities for exposures that can put organizations at risk," said Alan Matthews, president of Rapid7 LLC. "Web 2.0 contains numerous threats, such as DOM-based cross-site scripting, race conditions, cross-site request forgery (XSRF) and data manipulation. NeXpose eliminates these threats by taking a multi-pronged approach that includes front and back-end scanning of the Web server, Web applications and the embedded JavaScript code."

"Because Web applications are frequently modified, they are more susceptible to vulnerabilities, particularly within their source code," stated Neil MacDonald, VP and Distinguished Analyst, Gartner. "The increasing use of rich user interface designs in AJAX-based Web applications means that JavaScript source code scanning must become a standard part of Web application security scanning."

Rapid7's BEST is available in the current release of NeXpose, Version 4.1. Future NeXpose releases will extend BEST coverage to Adobe/Macromedia Flash and ActionScript.

About NeXpose

Rapid7's award-winning NeXpose Unified Vulnerability Management (UVM) product is an all-in-one security solution that scans Web servers, Web applications, databases and networks to locate threats, assess their risk to the environment and devise a remediation plan. NeXpose incorporates an expert system to build a knowledge base of facts on the environment it explores and model potential targeted attacks to expose all existing threats. NeXpose provides robust reporting capabilities that ensure compliance with governmental regulations, corporate security configuration policies, and the PCI Data Security Standard. NeXpose is available as an appliance, downloadable software or an On-Demand hosted solution.

About Rapid7

Rapid7 is the leading provider of Unified Vulnerability Management (UVM) solutions. NeXpose provides network, database and web application vulnerability management for enterprise deployments and small to medium businesses. Rapid7 was founded in 2000 by a team of software industry veterans who were major contributors to product development and subsequent growth and success at Percussion Software, Bond Technologies and Stride & Associates. Since introduced, NeXpose has been sold to corporate enterprises, Global 2000 companies, and government entities, and serves the full range of vertical markets across the U.S. and abroad. In addition, Rapid7 provides compliance products and services for PCI, HIPAA and Sarbanes Oxley. Rapid7 is headquartered in Boston, MA, with offices in California and the United Kingdom.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact