Last updated at Wed, 27 Dec 2023 18:23:40 GMT

Things are always brewing in Rapid7 product development. Today, we’re excited to announce several new features in InsightAppSec, our cloud-powered application security testing solution for modern web apps.

These include:

  • Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
  • PDF report generation
  • The Rapid7 AppSec Toolkit
    • Macro Recorder
    • Traffic Viewer
    • RegEx Builder
    • Swagger/Rest API Utility
    • Encoder/Decoder Utility
    • Request Builder

Assess and Report on Your Web Applications’ Compliance Posture

With nothing required to install, and intuitive workflows wrapped in a modern user interface, InsightAppSec drastically reduces the amount of time it takes to start scanning your web applications for vulnerabilities. In the latest release of InsightAppSec, we’ve extended these benefits to include compliance-focused reporting. It only takes a couple of clicks to generate a compliance report for your assessed web applications and determine their pass-or-fail status against requirements like PCI, HIPAA, SOX, and OWASP 2017. Even better, you now have a PDF format option—in addition to HTML—when creating a report.

Reports are intuitively laid out, so your compliance stakeholders find the information they’re looking for—quickly.

Extend Coverage and Fine-Tune Scans with the Rapid7 AppSec Toolkit

The Rapid7 AppSec Toolkit is a collection of utilities designed to enhance and fine-tune your InsightAppSec and AppSpider scans.

  • Traffic Recorder
    • Set up a proxy server with the AppSec Toolkit to record HTTP traffic sent to and received by your target web application. The generated .trec files can be ingested by InsightAppSec and AppSpider to extend scan coverage.
  • Macro Recorder
    • Record interactions with your web application’s GUI, like a login or shopping cart checkout sequence. Login macros can be used to configure authenticated scans with InsightAppSec or AppSpider. Other macros can be used to test linear sequences in an application, like a shopping cart checkout.
  • Traffic Viewer
    • View and edit the requests and responses in a recorded traffic (or .trec) file.
  • Request Builder
    • Manually build HTTP requests, typically used for testing REST APIs.
  • Regex Builder
    • Build and test regular expressions, used in InsightAppSec and AppSpider to define scan scope.
  • Defend
    • Import the XML summary of vulnerabilities generated by AppSpider to create custom WAF rules.
  • Encoder/Decoder Utility
    • Convert strings between encodings such as hex, binary, ASCII, and Base64. This comes in handy when testing web apps that expect input strings encoded in a specific format.
  • Swagger Utility
    • Ingests Swagger REST API definition JSON files and outputs them as a set of requests that can then be used in an InsightAppSec or AppSpider scan.
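As an added illustration of what a definition-driven request generator like the Swagger Utility does (this is example code, not Rapid7's implementation, and the output dictionaries are not the toolkit's own file format), the function below walks a constructed Swagger 2.0 JSON document and emits one request template per operation, filling path, query and body parameters with placeholder values. It assumes a Swagger 2.0 (not OpenAPI 3) layout and handles the case where parameters are declared at path level rather than per operation.

```python
import json
from urllib.parse import urlencode

# Constructed Swagger 2.0 definition for this example (not a real API).
SWAGGER_JSON = """{
  "swagger": "2.0", "host": "api.example.test", "basePath": "/v1", "schemes": ["https"],
  "paths": {
    "/users/{id}": {"parameters": [{"name": "id", "in": "path", "required": true, "type": "integer"}],
                    "get": {"parameters": [{"name": "verbose", "in": "query", "type": "boolean"}]}},
    "/users": {"post": {"consumes": ["application/json"], "parameters": [
        {"name": "body", "in": "body", "schema": {"type": "object", "properties": {
            "name": {"type": "string"}, "age": {"type": "integer"}}}}]}}
  }
}"""

HTTP_METHODS = {"get", "post", "put", "delete", "patch", "head", "options"}
PLACEHOLDERS = {"string": "sample", "integer": 1, "number": 1.0, "boolean": True}

def sample_for(schema):
    """Return a placeholder value for a Swagger 2.0 parameter type or schema (recursive)."""
    kind = schema.get("type", "string")
    if kind == "object":
        return {k: sample_for(v) for k, v in schema.get("properties", {}).items()}
    if kind == "array":
        return [sample_for(schema.get("items", {}))]
    return PLACEHOLDERS.get(kind, "sample")

def swagger_to_requests(spec_text):
    """Expand every operation in a Swagger 2.0 JSON document into one request template."""
    spec = json.loads(spec_text)
    base = f"{spec.get('schemes', ['https'])[0]}://{spec['host']}{spec.get('basePath', '')}"
    templates = []
    for path, item in spec["paths"].items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # path-level keys such as "parameters" are not operations
            url, query, headers, body = base + path, {}, {}, None
            # Path-level parameters apply to every operation under that path.
            for param in item.get("parameters", []) + op.get("parameters", []):
                where = param.get("in")
                if where == "path":
                    url = url.replace("{%s}" % param["name"], str(sample_for(param)))
                elif where == "query":
                    query[param["name"]] = sample_for(param)
                elif where == "body":
                    body = json.dumps(sample_for(param.get("schema", {})))
                    headers["Content-Type"] = op.get("consumes", ["application/json"])[0]
            url += "?" + urlencode(query) if query else ""
            templates.append({"method": method.upper(), "url": url, "headers": headers, "body": body})
    return templates
```

Each template carries enough (method, fully resolved URL, headers, JSON body) to seed a scanner with endpoints that crawling alone would never discover.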