Research Reports

SAP Penetration Testing Using Metasploit – How to Protect Sensitive ERP Data

This in-depth research paper explores a number of methods to exploit vulnerabilities within the SAP enterprise resource planning (ERP) system. These methods have been implemented and published in the form of more than 50 modules for Metasploit, a free, open source penetration testing tool. The modules enable companies to test whether their own systems could be penetrated by an attacker.

Rapid7 Report: Securing User Risk

Rapid7 surveyed more than 550 organizations about the access and security controls they have in place to reduce the risk of user-oriented attacks.

Rapid7 Report: Securing the Endpoint

Rapid7 surveyed more than 600 organizations about the use of security protocols commonly deployed to protect against endpoint attacks.

Rapid7 Report: The Rise and Risk of Mobile Devices in the Workplace

Rapid7 surveyed more than 500 organizations about their mobile device security practices. The questions investigate the use of mobile devices in their workplace and the security protocols in place to protect against data breaches.

Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.

This whitepaper details research conducted by Rapid7, which reveals that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. The paper investigates how three groups of security flaws relating to the UPnP protocol are exposing millions of users to attacks that could lead to a remote compromise of the vulnerable device.

Rapid7 Report: Data Breaches in the Government Sector

Rapid7, the leading provider of security risk intelligence solutions, analyzed data collected and categorized by the Privacy Rights Clearinghouse Chronology of Data Breaches. Using this data, the company outlined patterns for government data breaches, including year, month, location and breach type patterns. This information and tips for protecting infrastructure can ensure that government IT environments stay protected against malicious attacks and unintended disclosure.