4 min
Application Security
API Security: Best Practices for a Changing Attack Surface
APIs have become a large part of the application attack surface, making API security a critical consideration.
11 min
Application Security
XSS in JSON: Old-School Attacks for Modern Applications
This post highlights how cross-site scripting has adapted to today’s modern web applications, specifically the API and JavaScript Object Notation (JSON).
10 min
Detection and Response
Unlocking the Power of the InsightIDR Threat API, Part 2
In this post, we’ll demonstrate how to scrape a few sites for possible bad actors using InsightIDR.
13 min
InsightIDR
Import External Threat Intelligence with the InsightIDR Threats API
In this blog, we explain how to automate updating threat feeds in InsightIDR using the REST API.
2 min
InsightConnect
APIs + SDKs = The Plugin Dream Team
In this blog, we will talk about one of our favorite pairings: application programming interfaces (APIs) and software development kits (SDKs).
5 min
InsightAppSec
New Features: Rapid7 Launches Public API For InsightAppSec
Rapid7 is pleased to announce the newest addition to your application security toolkit on the Rapid7 Insight platform: the public API in our DAST solution, InsightAppSec.
7 min
API
Your Guide to InsightVM’s RESTful API
A Security Automation-Focused API for Forward-Thinking Vulnerability Management
Released in January of 2018, Rapid7 InsightVM
[https://www.rapid7.com/products/insightvm/]’s API version 3—the RESTful API
[/2018/01/18/a-restful-api-for-insightvm/]—was a highly anticipated, perhaps
somewhat inconspicuous, addition to our vulnerability management solution
[https://www.rapid7.com/solutions/vulnerability-management/]. Introduced as a
successor to previous API versions, the RESTful API was designed for
3 min
API
Analyzing Activity on Kubernetes Ports: Potential Backdooring Through the Kubelet API
Recently at Rapid7 Labs, we’ve noticed an increase in activity on ports related
to the management of a Kubernetes [https://kubernetes.io/] cluster. In this
post, we provide background context to Kubernetes and how it relates to the
issues we see, as well as offer some guidance for securing a Kubernetes cluster.
These days, more and more people are deploying their software using container
services such as Docker. Containers make it easy for developers to replicate
programming environments in dev
4 min
InsightVM
A RESTful API for InsightVM
With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks
to genre-bending vulnerabilities like Meltdown and Spectre
[/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/]
the future would seem a bit blurry. Louis Pasteur
[https://en.wikiquote.org/wiki/Louis_Pasteur] is attributed with the quote:
“Chance favors the prepared mind.” Pasteur’s work precedes information security
as we know it today by a century, but as an individu
3 min
AppSpider
Modern Applications Require Modern Dynamic Application Security Testing (DAST) Solutions
Is your Dynamic Application Security Testing (DAST) solution leaving you
exposed?
We all know the story of the Emperor's New Clothes. A dapper Emperor is
convinced by a tailor that he has the most incredible set of clothes that are
only visible to the wise. The emperor purchases them, but cannot see them
because it is just a ruse. There are no clothes. Unwilling to admit that he
doesn't see the clothes, he wanders out in public in front of all of his
subjects, proclaiming the clothes' beauty unt
6 min
API
AppSpider's Got Swagger: The first end-to-end security testing for REST APIs
We are thrilled to announce a major new innovation in application security
testing. AppSpider is the first Dynamic Application Security Testing (DAST)
solution capable of testing Swagger-enabled APIs. Swagger is one of the most
popular frameworks for building APIs and the ability to test Swagger-enabled
APIs is not only a huge time savings for application security testing experts,
but also enables Rapid7 customers to more rapidly reduce risk.
Why does this matter?
Modern applications make liber
1 min
Application Security
Top 3 Takeaways from the "Skills Training: How to Modernize your Application Security Software" Webcast
In a recent webcast, Dan Kuykendall [/author/dan-kuykendall/], Senior Director
of Application Security Products at Rapid7, gave his perspective on how security
professionals should respond to applications, attacks, and attackers that are
changing faster than security technology. What should you expect for your
application security solutions and what are some of the strategies you can use
to effectively update your program? Read on for the top takeaways from the
webcast “Skills Training: How to M
2 min
API
Mobile App & API Security - Application Security's "Where Waldo"
A version of this blog was originally posted on Feb. 1, 2013
As I have discussed in previous posts and at conferences, like OWASP AppSecUSA,
while the number of attacks continues to increase, the attack techniques aren't
new at all. They are actually the same old attacks like SQL Injection showing up
in new places including APIs, mobile application services and AJAX
applications. Because these newer technologies have exploded in popularity and
become more mainstream, we keep seeing these same o
3 min
Microsoft
UserInsight Integrates with Microsoft's New Office 365 API to Detect Intruders
If you are at the RSA Conference this week, you may have seen Microsoft's
keynote announcing the new Office 365 Activity Feed API this morning. In case
you missed it, Microsoft summarized the announcement in a blog post. The new
Management Activity API is a RESTful API that provides an unprecedented level of
visibility into all user and admin transactions within Office 365.
Rapid7 got early access to this technology through Microsoft Technology Adoption
Program and is one of the first companies
3 min
AppSpider
7 Ways to Improve the Accuracy of your Application Security Tests
For more than 10 years, application security testing has been a common practice
to identify and remediate vulnerabilities in web applications. While it's
difficult to figure out the best web security software for your organization,
there are seven key techniques that not only increase accuracy of testing in
most applications, but also enable teams to leverage expert resources to test
necessary areas by hand.
IT security experts who conduct application security testing or are trying to
fi