Posts tagged AppSpider

13 min DAST

Unlocking the Power of Macro Authentication in Application Security: Part Two

In this post, we will review how to understand these error messages and what steps to take to get our authentication macro working.

7 min InsightAppSec

Unlocking the Power of Macro Authentication: Part One

In this blog post, we will review how various components of a macro work and what to keep in mind when recording a macro for authentication.

3 min Application Security

In Our Customers’ Words: Why Mastering Application Security Basics Matters

In a recent conversation with a Rapid7 application security customer, I was reminded how much of a security practitioner’s day can be consumed by troubleshooting buggy tools and manually executing the same tasks over and over again (needlessly, may I add). As much as we’d like to think that security professionals’ time is being efficiently utilized, oftentimes inadequate tools, a lack of automation, and organizational silos impede SecOps-driven [http://4hko.drordi.com/solutions/secops/] progress

2 min Application Security

New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit

Things are always brewing in Rapid7 product development. Today, we’re excited to announce several exciting new features in InsightAppSec, our cloud-powered application security testing solution for modern web apps [http://4hko.drordi.com/products/insightappsec/]. These include: * Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements * PDF report generation * The Rapid7 AppSec Toolkit * Macro Recorder * Traffic Viewer * RegEx Builder * Swagger/Rest API Utilit

4 min DevOps

How DevOps Can Use Quality Gates for Security Checks

Your team has been working at all hours to put the final touches on code for a new big feature release. All the specs are in, the feature works as expected, and the code is pushed to production. A few hours later, the daily security scan runs and the alerts start piling in. What went wrong? And what do you do now? Typically when this happens, it means rolling back the entire deployment, retroactively fixing the bugs and vulnerabilities in the code, and a week or two later, re-deploying. If you’

4 min Application Security

3 Ways to Accelerate Web App Security Testing

It used to be that web application security testing [http://4hko.drordi.com/solutions/application-security/] was the job of just the security team. Today, it is becoming a much more integrative function, especially for organizations who have adopted DevOps. Development cycles have become shorter and features are released more frequently for companies to stay competitive. Trouble is, with shorter development cycles, security needs a way to keep up. After all, there’s little value in running fast

4 min Application Security

AppSpider application security scanning solution deepens support for Single Page Applications - ReactJS

Today, Rapid7 is pleased to announce an AppSpider (application security scanning) update that includes enhanced support for JavaScript Single Page Applications (SPAs) built with ReactJS. This release is significant because SPAs are proliferating rapidly and increasingly creating challenges for security teams. Some of the key challenges with securing SPA's are: 1. Diverse frameworks - The diversity and number of JavaScript frameworks contributes to the complexity in finding adequate scan co

3 min AppSpider

RESTful Web Services: Security Testing Made Easy (Finally)

AppSpider's got even more Swagger now! As you may remember, we first launched improved RESTful web services security testing [/2015/12/17/appspider-s-got-swagger-the-first-end-to-end-security-testing-for-rest-apis] last year. Since that time, you have been able to test the REST APIs that have a Swagger definition file, automatically without capturing proxy traffic. Now, we have expanded upon that functionality so that AppSpider can automatically discover Swagger definition files as part of the

6 min API

AppSpider's Got Swagger: The first end-to-end security testing for REST APIs

We are thrilled to announce a major new innovation in application security testing. AppSpider is the first Dynamic Application Security Testing (DAST) solution capable of testing Swagger-enabled APIs. Swagger is one of the most popular frameworks for building APIs and the ability to test Swagger-enabled APIs is not only a huge time savings for application security testing experts, but also enables Rapid7 customers to more rapidly reduce risk. Why does this matter? Modern applications make liber

3 min AppSpider

Mobile application security: Lock the back door!

Mobile application security A few years ago, Sean Gallagher wrote this article that we believe outlines one of the most important areas of application security risk today, mobile application security. In his article for Ars Technica, “Mobile Application Security: Always Keep the Back Door Locked,” Gallagher outlines that its important to address mobile application security because many of the mobile applications we use today access backend middleware and corporate data sources. We have email app