Last updated at Tue, 28 Nov 2017 20:20:13 GMT

Powerful Yet Simple DAST Scanning Gets Even Better

InsightAppSec, Rapid7’s cloud-powered web application security testing solution, has added three powerful new features:

  • On-premise scan engines
  • JIRA integration
  • Scan Activity view

Test Your Internal Applications and Reduce Your Risk

Web application security testing shouldn’t be limited to external, internet-facing production applications. Testing only in production means greater risk and the increased likelihood that vulnerabilities are present when attackers are actively scanning for opportunities. Security assessments of your applications, done earlier in the development cycle prior to production, mean security issues are much more likely to get fixed before they’re exposed to the internet.

InsightAppSec now has the ability to scan internal, non-internet-facing applications (like pre-production apps still under development or testing) with the assistance of a lightweight scan engine deployed on-premise. The engine installer can be downloaded directly from InsightAppSec, and installed and paired in minutes. When an on-premise scan engine is used, scan results are sent to the Insight platform, to be stored and visible alongside all other scan results.

With on-premise engines, you can assess the security of your applications earlier in the Software Development Lifecycle (SDLC), addressing issues before they hit production and avoiding undue security risk.

Don’t Let Another App Vulnerability Get Lost in an Inbox

Remediating common application vulnerabilities requires careful coordination and collaboration between security and development teams. Even today, results of application security assessments are often delivered to development teams in some outdated form, like a PDF attached to an email. Emails get lost, don’t get opened for days or weeks, or are simply ignored. The longer the development team is unaware of a security issue in their application, the harder it gets to fix that vulnerability; software design choices and code changes accumulate, and all that work might need to be refactored or re-done to fix the underlying cause of the vulnerability.

InsightAppSec now integrates with Atlassian’s JIRA to remedy this problem. Security teams can now export vulnerabilities found in InsightAppSec scans directly into the development team’s JIRA project. With this integration, developers will see security bugs right next to their functional bugs and development tasks, thus increasing the likelihood that security issues will be quickly remediated. This integration creates a powerful input into the Software Development Lifecycle.

All the Scans, at a Glance

InsightAppSec was designed to scale to meet the needs of all of our customers, from smaller organizations to large enterprises with hundreds or even thousands of applications. As the pace of development accelerates and release cycles get shorter, web application scanning needs to occur more regularly and frequently. The volume of scans will naturally grow as a result, and managing all those scans could become a time-consuming, cumbersome task without the right solution in place.

InsightAppSec’s new Scanning Activity view allows users to see, at a glance, the status of currently running and past scans, with a trend chart that displays progress of application security assessments over time. The view also makes it easy to zoom in on a particular period of time to see how many scans were run, the number of vulnerabilities found, how long the scans took, and the overall risk of an app based on the scan results. With this new view, security teams will save precious time in tracking and managing scans, freeing them up to pursue more critical tasks.

Whether you have a fully mature appsec program or are just starting out, Rapid7 can help you reduce your application security risk with several products and services designed to meet your needs. Check out our website for more information.