3 min
Javascript
Web Application Security Testing: Single Page Applications Built with JavaScript Frameworks
In recent years, more and more applications are being built on popular new
JavaScript frameworks like ReactJS and AngularJS. As is often the case with new
application technologies, these frameworks have created an innovation gap for
most application security scanning solutions and an acute set of challenges for
those of us who focus on web application security
[https://www.rapid7.com/solutions/web-application-security.jsp]. It is
imperative that our application security testing approaches keep p
3 min
Application Security
Lessons Learned in Web Application Security from the 2016 DBIR
We spent last week hearing from experts around the globe discussing what web
application security insights we have gotten from Verizon's 2016 Data Breach
Investigations Report. Thank you, Verizon, and all of your partners for giving
us a lot to think about!
We also polled our robust Rapid7 Community asking them what they have learned
from the 2016 DBIR. We wanted to share some of their comments as well:
Quick Insights from the Rapid7 Community
> "I find that the Verizon Data Breach Investigati
2 min
Verizon DBIR
The 2016 Verizon Data Breach Investigations Report (DBIR) - A Web Application Security Perspective
The 2016 Verizon Data Breach Investigations Report
[http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/] (DBIR) is out
and everyone is poring over the report to see what new insights we can take from
last year's incidents and breaches. We have not only created this post to look
at some primary application security takeaways, but we also have gathered guest
posts from industry experts. Keep checking back this week to hear from people
living at the front lines of web application secur
3 min
AppSpider
Modern Applications Require Modern Dynamic Application Security Testing (DAST) Solutions
Is your Dynamic Application Security Testing (DAST) solution leaving you
exposed?
We all know the story of the Emperor's New Clothes. A dapper Emperor is
convinced by a tailor that he has the most incredible set of clothes that are
only visible to the wise. The emperor purchases them, but cannot see them
because it is just a ruse. There are no clothes. Unwilling to admit that he
doesn't see the clothes, he wanders out in public in front of all of his
subjects, proclaiming the clothes' beauty unt
6 min
API
AppSpider's Got Swagger: The first end-to-end security testing for REST APIs
We are thrilled to announce a major new innovation in application security
testing. AppSpider is the first Dynamic Application Security Testing (DAST)
solution capable of testing Swagger-enabled APIs. Swagger is one of the most
popular frameworks for building APIs and the ability to test Swagger-enabled
APIs is not only a huge time savings for application security testing experts,
but also enables Rapid7 customers to more rapidly reduce risk.
Why does this matter?
Modern applications make liber
3 min
Exploits
Watch your SaaS: Partial parameter checking or the case of unfinished homework
“Laws are like sausages. It's better not to see them being made.” – Otto von
Bismarck
I'm not sure how many of you have kids or how diligent they are with their
homework but I'm sure you've heard stories of parents observing that their kids
have finished their homework in a remarkably short period of time. However,
upon investigation, you quickly discover that your child has only finished half
of their homework.
Sadly, this state of affairs can also be true for SaaS providers offering web
app
2 min
Exploits
SQL Injection Vulnerabilities: 4 Reasons Security Teams Can't Stop Them
SQL injection vulnerabilities
[https://www.rapid7.com/resources/videos/what-is-sql-injection.jsp] have
threatened application security for over 15 years and most security experts and
many developers alike understand SQLi very well. So why are they still quite
common, despite the fact that we, as an industry, know how to prevent them?
Related Resource: Download our SQL Injection Basics Toolkit
[https://information.rapid7.com/sql-injection-attacks-basics-toolkit.html?CS=community]
SQLInjection i
2 min
Exploits
Why SQL Injection Vulnerabilities Still Exist: 8 Reasons Developers Can't Eliminate Them
Knowing how to prevent a SQL injection vulnerability is only half the web
application security battle. A multitude of factors come into play when it comes
to writing secure code, many of which are out of the developers' direct control.
That's why common vulnerabilities like SQL injection continue to plague today's
applications, and why application security testing software is so important.
These problems can be overcome – with a little insight, organizations can begin
to address these challenges
3 min
AppSpider
Mobile application security: Lock the back door!
Mobile application security
A few years ago, Sean Gallagher wrote this article that we believe outlines one
of the most important areas of application security risk today, mobile
application security. In his article for Ars Technica, “Mobile Application
Security: Always Keep the Back Door Locked
[http://arstechnica.com/security/2013/02/mobile-app-security-always-keep-the-back-door-locked/]
,” Gallagher outlines that it's important to address mobile application security
because many of the mobile