Last updated at Mon, 21 Aug 2017 16:37:59 GMT

I'm pleased to announce that NT OBJECTives (NTO) -- the technology leader in Web Application Scanning and Dynamic Application Security Testing -- has joined the Rapid7 family. This is an exciting day for both Rapid7 and NT Objectives, as we combine with an increased focus on helping companies protect themselves from the increasing threats facing web applications. Protecting web applications has never been more important. The 2015 Verizon Data Breach Investigation Report highlights that web application attacks remain the most frequent incident pattern in confirmed breaches and accounted for up to 35% of breaches in some industries. It's also estimated that nearly 50% of those incidents take months or longer to discover. While our solutions for threat exposure management already offer capabilities for web application scanning, we believe that there is a great opportunity to enhance our capabilities and delve further into Web and Mobile Application Security testing.

As we looked at the opportunities in the Dynamic Application Security Testing market, we realized that NTO was a great fit for Rapid7 in terms of both technology and culture.  We're very pleased that the NTO team -- including co-founder and co-CEO Dan Kuykendall -- will be joining Rapid7 to continue their mission of helping enterprises to secure their applications.

As of today we have launched the NTO products under a new Rapid7 name, AppSpider.  AppSpider analyzes web applications for security vulnerabilities and enhances organizations' ability to effectively reduce IT security risk.  You can head over to the new page on, but I wanted to highlight a few things that really sold me on this solution:

  • Universal Translator: The solution's unique 'Universal Translator' technology enables security teams to analyze even the most complex applications, including rich Internet applications (AJAX, GWT) and web services (REST, JSON), to provide greater visibility of risks. This results in more complete and comprehensive coverage of applications.
  • Live Vulnerability Reports and Attack Replay: Rapid7 deeply believes that demonstrating how to exploit a vulnerability is a powerful way of choosing what to prioritize -- this is the cornerstone of our unique integration between Metasploit and Nexpose. AppSpider provides interactive, actionable reports with great organization and links for deeper analysis. Within reports, users can replay vulnerabilities in real time to confirm that vulnerabilities are exploitable and then remediated -- it's an experience with some of the same power as Metasploit.
  • Integration with Protection Technologies: Responding rapidly to protect a vulnerable application is one of the keys to helping to address the concerning realities that I mentioned from the Verizon report. AppSpider will automatically generate Web Application Firewall (WAF) rules that help to protect vulnerable applications while the vulnerabilities are being remediated. AppSpider supports most leading WAFs and IPSs, including F5, Sourcefire and Imperva.

There's a lot more to discover about the newest member of the Rapid7 family and we'll be talking about this a lot more and going in-depth at our upcoming UNITED conference. So if you're attending UNITED in June, you'll have a chance to see AppSpider in person and hands-on, as well as meet Dan Kuykendall and say hello.

We believe that adding this technology to Rapid7's Threat Exposure Management Solution will provide information security and developer operations teams with increased ability to assess risk in assets and applications in their environments. Combined with Rapid7's security analytics, this will enable security professionals to identify impactful actions for reducing IT security risk.

- @leeweiner