Posts tagged InsightAppSec

3 min Application Security

What’s New in InsightAppSec and tCell: Q1 2021 in Review

Rapid7 will continue to support customers through every challenge, with new updates and avenues to help you get the most out of your application security program.

4 min Vulnerability Management

Building a Holistic VRM Strategy That Includes the Web Application Layer

Co-sponsored by Forrester, a recent Rapid7 webcast expounds upon the topics discussed in this blog post.

2 min Application Security

Securing Your Web App, One Robot at a Time

Modern web apps are two things: complex, and under persistent attack.

4 min InsightAppSec

What’s New in InsightAppSec and tCell: Q4 2020 in Review

In this blog, we'll recap some of the new and exciting features we have released as a part of our application security portfolio.

4 min DevSecOps

Shifting Security Right: How Cloud-Based SecOps Can Speed Processes While Maintaining Integrity

Let’s take a look at some key insights on current industry efforts to more closely integrate DevOps and SecOps—and how you can plot your best path forward.

2 min InsightVM

New All Apps and Asset Report Combines Power of InsightVM and InsightAppSec for Boosted Visibility

When speaking with customers, we continue to hear that they are looking for more visibility into their vulnerability risk management activities.

9 min Application Security

Overview of Content Security Policies (CSPs) on the Web

A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded.

2 min Application Security

What’s New in InsightAppSec and tCell: Q3 2020 in Review

This blog recaps some of the latest and greatest ways to leverage Rapid7’s appsec technologies to get time back in your days.

2 min Application Security

Rapid7 and Snyk Are on the Run(time) with Expanded SCA Capabilities

Earlier this year, Rapid7 and Snyk partnered together with the goal of securing cloud-native apps across the software development lifecycle (SDLC).

10 min Application Security

Unlocking the Power of Macro Authentication in Application Security: Part Three

This is the third and final installment of our series "Unlocking the Power of Macro Authentication in Application Security."

3 min Application Security

Application Security Takes Center Stage in this Year’s Verizon Data Breach Investigations Report

In recent years, web applications have become the biggest target for attacks, as they’re the easiest way for hackers to gain access to valuable information.

2 min InsightAppSec

InsightAppSec Release Roundup: What’s New and Updated

In this blog, we recap the latest and greatest ways to work smarter and more efficiently in InsightAppSec, so you can get some much-deserved time back.

13 min DAST

Unlocking the Power of Macro Authentication in Application Security: Part Two

In this post, we will review how to understand these error messages and what steps to take to get our authentication macro working.

7 min InsightAppSec

Unlocking the Power of Macro Authentication: Part One

In this blog post, we will review how various components of a macro work and what to keep in mind when recording a macro for authentication.

4 min Application Security

Best Practices for Securing e-Commerce Applications

Learn why e-commerce security is becoming more necessary than ever before, and steps to take to ensure applications are safe from a vulnerability or data breach.

2 min Application Security

Rapid7’s Full Stack Vulnerability Risk Management Portfolio Recognized for Application Security Capabilities

Recently, Rapid7 was the only full stack vulnerability risk management vendor to be recognized for Application Security Testing by an industry-leading third-party research firm.

5 min InsightAppSec

Automating Multi-Factor Authentication: Time-Based One-Time Passwords

In this blog, we discuss everything you need to know about time-based one-time password (TOTP) authentication.

4 min InsightVM

How to Secure Containers, Applications, and Serverless Environments

In the final post of our four-part series on security in the cloud, we explain how to secure containers, applications, and serverless environments.

2 min InsightAppSec

Dig Deeper in InsightAppSec with New Custom Dashboards Feature

To give customers more control over what types of data appear within InsightAppSec, we are pleased to announce our new custom dashboards feature.

4 min InsightAppSec

InsightVM + InsightAppSec: A Love Story

Today, we take a moment to appreciate how two of our products, InsightVM and InsightAppSec, work together to secure the entire tech stack for our customers.

4 min InsightAppSec

Automating Application Security Processes with the InsightAppSec API

In this blog, we discuss how task automation can free up extra time for development and security teams in the web application life cycle.

6 min InsightAppSec

Automating Application Security Testing Within Your Atlassian Bamboo Pipelines

Rapid7 is excited to announce a new plugin for Atlassian Bamboo with the goal of integrating InsightAppSec into the software development life cycle (SDLC).

3 min Application Security

The Most Commonly Exploited Web Application Vulnerabilities in a Production Environment

In this blog, we discuss the most exploited web application vulnerabilities, and how you can avoid them in your development process.

3 min Application Security

Hidden Helpers: Security-Focused HTTP Headers to Protect Against Vulnerabilities

In our second installment of the 'Hidden Helpers' series, we discuss security-focused HTTP headers and how they can protect against vulnerabilities.

3 min InsightAppSec

How Our New Jenkins Integration for InsightAppSec Enables DevSecOps Collaboration

Rapid7 is excited to announce the release of an integration that brings InsightAppSec into Jenkins to improve release cycles and reduce vulnerabilities.

5 min InsightAppSec

New Azure DevOps Pipelines Extension for InsightAppSec Helps Improve Web App Security

Rapid7 is excited to announce the release of a new extension to incorporate InsightAppSec within Azure DevOps Pipelines.

3 min Application Security

From Security Police to Security Advocates: How to Create a Champion Program

In our most recent episode of Security Nation, we had the pleasure of speaking with Mark Geeslin about his work creating an internal Security Mavens program at Asurion.

3 min Application Security

Application Security Testing + Monitoring with DAST and RASP: A Two-Pronged Approach

For full coverage of your apps, you’ll require multiple application security solutions, such as DAST and RASP.

4 min Application Security

You Can Have It Both Ways with AppSec: Security and Speed

Security and DevOps teams seemingly have to choose between speed and security. We think there's a better way.

6 min Application Security

App-a-Bet Soup: Should You Use a SAST, DAST, or RASP Application Security Tool?

In this blog, we discuss all things web applications and how to select the right application security solution to keep them safe from attack.

7 min Application Security

Hidden Helpers: Security-Focused HTTP Headers

This blog includes real-world scenarios in which attackers can manipulate unsecured HTTP headers and how to prevent your organization from falling victim.

4 min InsightAppSec

How InsightAppSec Can Help You Improve Your Approach to Application Security

In this post, we’ll explore why modern apps require modern testing and how our DAST tool, InsightAppSec, is leading the way with the most sought-after needs for application security teams.

5 min Application Security

How to Choose the Right Application Security Tool for Your Organization

In this post, we’re taking a look at the various application security testing technologies and how to determine which is best for your organization.

5 min Application Security

5 Considerations When Creating an Application Security Program

In this blog, we explain how to address application security within your organization and how this translates into building better code.

5 min InsightAppSec

New InsightAppSec Features and Updates: A Look Inside

In this post, you’ll learn about all of our new features of InsightAppSec, how you can benefit from them, and how you can begin using them right away.

3 min Application Security

Single-Page Applications: The Journey So Far

While modern web application technology has made apps more useful, it's also made them harder to secure.

1 min Application Security

Rapid7 Acquires Leading Web Application Security Provider, tCell

Today, Rapid7 announced the acquisition of tCell, a leading provider of web application threat defense and monitoring. We are so excited to have tCell join the Rapid7 family!

5 min InsightAppSec

New Features: Rapid7 Launches Public API For InsightAppSec

Rapid7 is pleased to announce the newest addition to your application security toolkit on the Rapid7 Insight platform: the public API in our DAST solution, InsightAppSec.

6 min InsightAppSec

Faster Prod at the Expense of Security? 2018 ‘Under the Hoodie’ Reveals Gaps in Applications

As part of this year's "Under the Hoodie" report, we identified the latest web application security risks companies are facing today.

3 min InsightAppSec

Scan Management with InsightAppSec: There’s More to Application Security than Long Lists of Vulnerabilities

Knowing what you are scanning, how often, and with how much success is vital to knowing your vulnerability data is accurate, up-to-date, and reflects your security position. InsightAppSec can help.

3 min Application Security

In Our Customers’ Words: Why Mastering Application Security Basics Matters

In a recent conversation with a Rapid7 application security customer, I was reminded how much of a security practitioner’s day can be consumed by troubleshooting buggy tools and manually executing the same tasks over and over again (needlessly, may I add). As much as we’d like to think that security professionals’ time is being efficiently utilized, oftentimes inadequate tools, a lack of automation, and organizational silos impede SecOps-driven [https://www.rapid7.com/solutions/secops/] progress

2 min Application Security

New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit

Things are always brewing in Rapid7 product development. Today, we’re excited to announce several exciting new features in InsightAppSec, our cloud-powered application security testing solution for modern web apps [https://www.rapid7.com/products/insightappsec/]. These include:

* Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
* PDF report generation
* The Rapid7 AppSec Toolkit
* Macro Recorder
* Traffic Viewer
* RegEx Builder
* Swagger/Rest API Utilit

2 min InsightAppSec

How to Scan Your Own Application with the InsightAppSec Free Trial

We think this is pretty sweet news. You asked, we built it—now you can scan one of your own applications with an InsightAppSec trial! But before you start scanning your own application with the InsightAppSec free trial [https://www.rapid7.com/try/insightappsec], you’ll need to validate your application’s domain. This requires adding a custom-generated meta tag to your application’s root path. Let’s get started. When adding your app to the InsightAppSec free trial, you’ll be given an option to

2 min InsightAppSec

Making the Dream Work: Teaming with Dev for Safer Production Apps

So you’ve read the reports outlining how important it is for developers and security teams to work together to build web applications quickly and securely [https://information.rapid7.com/sans-state-of-application-security-2017-report.html], you’ve scoured the web and have researched the importance of building a web application program at your organization [https://www.rapid7.com/solutions/application-security/], perhaps even watched some videos talking about the evolution of web applications an

3 min InsightAppSec

3 Questions to Ask When Prioritizing Web Application Vulnerabilities

Dynamic application security testing (DAST) often results in a constantly evolving list of security vulnerabilities. When scanning a web application [https://www.rapid7.com/fundamentals/web-application-security/] in production or in an active testing environment, issues can crop up as quickly as changes happen within the app. And when exposed to the internet itself, there are many more ways in which security vulnerabilities [https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/]

4 min InsightAppSec

The 4 Big Differences Between Network Security and Web Application Security

Tomato, tomato, potato, potato, network security and web application security [https://www.rapid7.com/solutions/application-security/]. The two may seem similar, but they are actually quite different. Network security (also known as vulnerability assessment or vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/]) has been around for quite some time and is something most security practitioners today know well. Web application security, however, is still not wi

4 min Application Security

Fast and Secure SDLC: 4 Barriers to Tackle for Better Web Application Security

It’s been months in the making. It promises to generate new revenue for the business. And there’s one team that hasn’t seen it yet. We’re talking about your shiny new web application. Back in the day, it used to be that development would create an application, throw it over the wall to security to review, and security would return back a laundry list of issues that needed to be fixed before it could be pushed to production. Or, perhaps worse, apps are reviewed only after they are pushed to produ

3 min InsightAppSec

InsightAppSec Feature Highlights: On-Premise Engines, JIRA Integration, and More

Powerful Yet Simple DAST Scanning Gets Even Better

InsightAppSec [https://www.rapid7.com/products/insightappsec/], Rapid7’s cloud-powered web application security testing solution [https://www.rapid7.com/solutions/application-security/], has added three powerful new features:

* On-premise scan engines
* JIRA integration
* Scan Activity view

Test Your Internal Applications and Reduce Your Risk

Web application security testing [https://www.rapid7.com/fundamentals/web-application-security-test