4 min
InsightAppSec
How InsightAppSec Can Help You Improve Your Approach to Application Security
In this post, we’ll explore why modern apps require modern testing and how our DAST tool, InsightAppSec, is leading the way with the most sought-after needs for application security teams.
7 min
Web Application Security Scanning and the Art of Automation
A version of this blog was originally posted on Nov. 5, 2012.
Few people fully appreciate the difficulty in creating a web application
security scanner [http://www.rapid7.com/products/appspider/] that can actually
work well against most sites. In addition, there is much debate about how much
application security testing can be automated and how much needs be done by
human hands. Let's look at a recent conversation
[https://twitter.com/jeremiahg/status/264399382340841472] among some industry
exp
1 min
AppSpider
Mobile Application Security: Think Twice Before Placing Football Bets
A version of this blog was originally posted on September 25, 2013.
Have you heard about the vulnerability in the Yahoo! Fantasy Football app
[https://threatpost.com/yahoo-fantasy-football-app-vulnerable-update-available/102180]
? If Knowshon Moreno's
[http://www.sbnation.com/fantasy/2013/9/24/4764778/knowshon-moreno-fantasy-football-broncos-vs-raiders-recap]
performance on Monday against the Oakland Raiders got you down, you might want
to read this warning to fantasy football players: Don't p
2 min
Application Security
3 Tips for Finding the Best Website Security Scanner
A version of this blog was originally posted on July 16, 2013
While it takes some work to find the best website security scanner for your
organization, if you follow these three simple guidelines, you'll be off to a
good start.
Although accurate automated application security testing has been common
practice for many organizations for over 10 years, it remains a very difficult
and complex process. There are automation techniques that ensure a scan is as
automated as possible, reduces scan time
2 min
AppSpider
3 Big Trends in Application Security
A version of this blog was originally posted on July 18, 2013
With application security it seems there is never a dull moment. Different
facets of web security continue to evolve from the hackers and the hacks to the
techniques we use to combat them. Here are some of the trends we see emerging
and maturing as best practices. Let us know if you are implementing these and
how it's going!
1. Continuous Scanning
There's a lot of buzz around the concept of continuous scanning, but in the
world of
2 min
Application Security
Fix Security Defects Earlier with AppSpider and Selenium Integration
[A version of this blog was originally posted on September, 24 2014]
It's a well-known fact that it costs less to fix security defects
[http://www.rapid7.com/products/appspider/] earlier in the software development
lifecycle than later. But because most security professionals are experts in
security and less familiar with applications, and QA teams are experts in
applications and less familiar with security, integrating security testing
earlier in the software development lifecycle can be a cha
3 min
AppSpider
5 Must-Haves for Modern Application Security Scanners
Dynamic Application Security Testing (DAST) solutions have been around for over
a decade, so you might think the market is static. But, that's hardly the case.
Web applications and malicious hackers continue to evolve and DAST solutions
need to keep pace. According to Gartner, DAST technology analyzes applications
in their running state (in real or “almost” real life) during operation or
testing phases. It simulates attacks against a Web application, analyzes
application reactions and, thus, det
2 min
AppSpider
Top 10 Business Logic Attack Vectors
I thought I'd take a moment to dig a little deeper on our whitepaper titled “Top
10 Business Logic Attack Vectors."
Why did we write this paper?
1. Business logic vulnerabilities are not new, but these vulnerabilities are
common, dangerous and are too often untested.
2. Security experts need to know that these must be tested manually and must
not be overlooked. It is imperative to complement automated testing process
with a human discovery of security risks that can be exploited
4 min
AppSpider
7 Deadly Sins: Unlock the Gates of Mobile Hacking Heaven
I've spent the past year hacking mobile applications in an effort to uncover the
most common security mistakes made during development. I found that most of the
problems are related to session management – the process of authenticating the
user and ensuring an attacker isn't impersonating a user or eavesdropping on the
service. In most cases, a vulnerability in any single area isn't a significant
liability. However, the more mistakes that are made, the easier it is to attack
the app. Here is wh
3 min
AppSpider
Security Testing Complex Workflows, Not So Complex Anymore
Conducting web application security testing
[https://www.rapid7.com/fundamentals/web-application-security-testing/]for
complex workflows can be a real pain. In order to find vulnerabilities, valid
test data must be passed through exactly as the workflow prescribes. Most web
application security testing scanners aren't up for the job, so security testers
must supplement their scans with manual testing.
If your organization has just a couple applications that aren't changing, then
manual testing
3 min
AppSpider
7 Ways to Improve the Accuracy of your Application Security Tests
For more than 10 years, application security testing
[https://www.rapid7.com/fundamentals/web-application-security-testing/] has been
a common practice to identify and remediate vulnerabilities in their web
applications. While, it's difficult to figure out the best web security software
for your organization, there are seven key techniques that not only increase
accuracy of testing in most applications, but also enable teams to leverage
expert resources to test necessary areas by hand.
IT secur
4 min
AppSpider
Modernize Your Application Security Scanning in Four Easy Steps
You've built modern mobile and rich internet applications (RIAs) that are sure
to improve your business' next major revenue stream. Conscious of security,
you've ensured that the native application authenticates to the server, and
you've run the app through a web application security scanner to identify
weaknesses in the code. Those vulnerabilities have been remediated, and now
you're ready to go live.
Not so fast.
Despite your best intentions, chances are good your mobile and rich internet
ap
2 min
AppSpider
7 Things About Dan Kuykendall
Hello! I'm Dan Kuykendall. Since I'm new to the Rapid7 family, I thought I'd
take a moment to introduce myself with 7 factoids about me:
1. I'm not a geek, or a nerd—but a neek: Some people might think of me as a
nerd, but I proudly prefer to think of myself as part geek and part nerd, so
maybe I'm a neek. For all of you doubters out there, there is a difference -
learn more about the differences between nerds and geeks with this awesome
Infographic. Fellow neeks, I know you kn
1 min
AppSpider
NT OBJECTives Acquired by Rapid7!
I'm excited to connect with you through this first blog post as part of the
Rapid7 team. Rapid7 has just acquired the company I co-founded, NT OBJECTives
(NTO), an application security company specializing in dynamic application
security testing software (DAST). Our NTO team is eager to be part of Rapid7 and
to continue to innovate in Application Security as part of Rapid7's Thread
Exposure Management solutions.
So, a quick introduction: I'm Dan Kuykendall. I have been with NT OBJECTives for
ov