Society's rapidly increasing reliance on technology in both personal and professional realms offers great benefits. But it also introduces risk as these systems are complex and likely contain vulnerabilities or configuration challenges. Rapid7 believes it is imperative to identify and understand the risks associated with technical systems and services so their users can take steps to protect themselves. This is why we invest in security research. We analyze both enterprise and consumer technologies to understand their weaknesses, configuration challenges, and vulnerabilities, and we share the resulting insights broadly and openly, giving our community the information they need to learn about, and mitigate, their risk. Our approach focuses on education and remediation, and we hope to help make technology safer for users, so they can focus on reaping the benefits of technological innovation without threat of unintended negative consequences.
We conduct a broad range of research across four areas:
We believe security is the responsibility of all technology users, manufacturers, and intermediaries and that collaboration is the only way to achieve long-term change. That’s why we’re committed to openly sharing security information, helping our peers to learn, grow, and develop new capabilities, and supporting each other in raising and addressing issues that affect the cybersecurity community.
Our aim with this research is to identify potentially harmful issues so they can be mitigated, either by the technology provider or by the user. It is not our intent to shame the companies that introduce these bugs. Rather, we coordinate our disclosures with vendors and CERT to quickly develop and deploy fixes, and we publish our findings routinely so that other software developers can learn how to avoid similar problems and users can learn a little more about the security issues that permeate their online lives.
Public vulnerability disclosures issued by Rapid7 over the previous 12 months can be found below. You can also stay current by visiting our Information Security blog.
All of these issues were disclosed in accordance with our public disclosure policy.
Sometimes, a research project grows beyond the bounds of a single product or vulnerability. In these cases, we produce original research reports regarding these classes of vulnerabilities, such as Hacking IoT: A Case Study on Baby Monitor Exposures and Vulnerabilities.
We run two major telemetry projects:
Project Sonar is a flexible and stable framework for conducting internet-wide scans. As with our vulnerability disclosures and exploits, we publish the data we collect for free to encourage scientists, engineers, and anyone else interested in the nature and form of the internet to make their own discoveries.
The Heisenberg Project is a collection of honeypots distributed both geographically and across IP space. The honeypots offer the front end of various services to learn what other scanners are up to (usually no good) and to conduct "passive scanning" to help enhance our understanding of the threat landscape.
For these projects, we design meaningful surveys and apply modern survey methodology to best craft the questions, reduce the bias and noise generated, and target the audiences most relevant to the subject matter.
For example, we recently surveyed over 270 security professionals in order to collect some insight around the average security team size, the adoption of cloud services, and the most pressing challenges those teams face today.