Research Reports

SANS Report – Maturing and Specializing: Incident Response Capabilities Needed

Learn more about the capabilities needed in your incident response program with this high-powered SANS report.

Rapid7 Appspider Achieves Highest Score from Gartner for Web Application Security Testing

Rapid7's offering earned the highest rating for Web AST due to DAST features. These include its "universal translator," which enables testing of various types of exposed back-end interfaces, such as JSON, REST, SOAP, XML-RPC, Google Web Toolkit (GWT) RPC and Action Message Format (AMF). These features also include its enterprise capabilities — enterprise console, RBAC, one-click vulnerability verification, bug-tracking integration and extensive WAF integration.

SANS Product Review: Detect, Investigate, Scrutinize and Contain with Rapid7 UserInsight

Recent security breaches show that even companies with good defenses often don't find out their systems are infected until outsiders tell them about it. Although the obvious goal for an IT security organization is to prevent a systems breach, we must assume our networks will be breached despite our best defenses. Download the SANS product review whitepaper of Rapid7's UserInsight to learn more about UserInsight's features and use, and how you can protect against compromised credentials and data breaches.

SAP Penetration Testing Using Metasploit - How to Protect Sensitive ERP Data

This in-depth research paper explores a number of methods to exploit vulnerabilities within the SAP enterprise resource planning (ERP) system. These methods have been implemented and published in the form of more than 50 modules for Metasploit, a free, open source penetration testing tool. The modules enable companies to test whether their own systems could be penetrated by an attacker.

Rapid7 Report: Securing User Risk

Rapid7 surveyed more than 550 organizations about the access and security controls they have in place to reduce the risk of user-oriented attacks.

Rapid7 Report: Securing the Endpoint

Rapid7 surveyed more than 600 organizations about the use of security protocols commonly deployed to protect against endpoint attacks.

Rapid7 Report: The Rise and Risk of Mobile Devices in the Workplace

Rapid7 surveyed more than 500 organizations about their mobile device security practices. The questions investigate the use of mobile devices in their workplace and the security protocols in place to protect against data breaches.

Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.

This whitepaper details research conducted by Rapid7, which reveals that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. The paper investigates how three groups of security flaws relating to the UPnP protocol are exposing millions of users to attacks that could lead to a remote compromise of the vulnerable device.

Rapid7 Report: Data Breaches in the Government Sector

Rapid7, the leading provider of security risk intelligence solutions, analyzed data collected and categorized by the Privacy Rights Clearinghouse Chronology of Data Breaches. Using this data, the company outlined patterns for government data breaches, including year, month, location and breach type patterns. This information and tips for protecting infrastructure can ensure that government IT environments stay protected against malicious attacks and unintended disclosure.