Posts by Kim Dinerman

3 min Javascript

Web Application Security Testing: Single Page Applications Built with JavaScript Frameworks

In recent years, more and more applications are being built on popular new JavaScript frameworks like ReactJS and AngularJS. As is often the case with new application technologies, these frameworks have created an innovation gap for most application security scanning solutions and an acute set of challenges for those of us who focus on web application security [https://www.rapid7.com/solutions/web-application-security.jsp]. It is imperative that our application security testing approaches keep p

3 min Application Security

Lessons Learned in Web Application Security from the 2016 DBIR

We spent last week hearing from experts around the globe discussing what web application security insights we have gotten from Verizon's 2016 Data Breach Investigations Report. Thank you, Verizon, and all of your partners for giving us a lot to think about! We also polled our robust Rapid7 Community asking them what they have learned from the 2016 DBIR. We wanted to share some of their comments as well:

Quick Insights from the Rapid7 Community

> "I find that the Verizon Data Breach Investigati

2 min Verizon DBIR

The 2016 Verizon Data Breach Investigations Report (DBIR) - A Web Application Security Perspective

The 2016 Verizon Data Breach Investigations Report [http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/] (DBIR) is out and everyone is poring over the report to see what new insights we can take from last year's incidents and breaches. We have not only created this post to look at some primary application security takeaways, but we also have gathered guest posts from industry experts. Keep checking back this week to hear from people living at the front lines of web application secur

3 min AppSpider

Modern Applications Require Modern Dynamic Application Security Testing (DAST) Solutions

Is your Dynamic Application Security Testing (DAST) solution leaving you exposed? We all know the story of the Emperor's New Clothes. A dapper Emperor is convinced by a tailor that he has the most incredible set of clothes that are only visible to the wise. The emperor purchases them, but cannot see them because it is just a ruse. There are no clothes. Unwilling to admit that he doesn't see the clothes, he wanders out in public in front of all of his subjects, proclaiming the clothes' beauty unt

6 min API

AppSpider's Got Swagger: The first end-to-end security testing for REST APIs

We are thrilled to announce a major new innovation in application security testing. AppSpider is the first Dynamic Application Security Testing (DAST) solution capable of testing Swagger-enabled APIs. Swagger is one of the most popular frameworks for building APIs and the ability to test Swagger-enabled APIs is not only a huge time savings for application security testing experts, but also enables Rapid7 customers to more rapidly reduce risk. Why does this matter? Modern applications make liber

3 min Exploits

Watch your SaaS: Partial parameter checking or the case of unfinished homework

“Laws are like sausages. It's better not to see them being made.” – Otto von Bismarck

I'm not sure how many of you have kids or how diligent they are with their homework, but I'm sure you've heard stories of parents observing that their kids have finished their homework in a remarkably short period of time. However, upon investigation, you quickly discover that your child has only finished half of their homework. Sadly, this state of affairs can also be true for SaaS providers offering web app

2 min Exploits

SQL Injection Vulnerabilities: 4 Reasons Security Teams Can't Stop Them

SQL injection vulnerabilities [https://www.rapid7.com/resources/videos/what-is-sql-injection.jsp] have threatened application security for over 15 years and most security experts and many developers alike understand SQLi very well. So why are they still quite common, despite the fact that we, as an industry, know how to prevent them? Related Resource: Download our SQL Injection Basics Toolkit [https://information.rapid7.com/sql-injection-attacks-basics-toolkit.html?CS=community] SQLInjection i

2 min Exploits

Why SQL Injection Vulnerabilities Still Exist: 8 Reasons Developers Can't Eliminate Them

Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it comes to writing secure code, many of which are out of the developers' direct control. That's why common vulnerabilities like SQL injection continue to plague today's applications, and why application security testing software is so important. These problems can be overcome – with a little insight, organizations can begin to address these challenges

3 min AppSpider

Mobile application security: Lock the back door!

Mobile application security

A few years ago, Sean Gallagher wrote this article that we believe outlines one of the most important areas of application security risk today, mobile application security. In his article for Ars Technica, “Mobile Application Security: Always Keep the Back Door Locked [http://arstechnica.com/security/2013/02/mobile-app-security-always-keep-the-back-door-locked/],” Gallagher outlines that it's important to address mobile application security because many of the mobile