3 min
Incident Detection
How to Alert on Rogue DHCP Servers
How to alert on rogue DHCP servers using network traffic as a data source. We look at how you can use Wireshark or LANGuardian to detect DHCP servers.
4 min
InsightConnect
How Rapid7’s Orchestration and Automation Solution Boosted a Higher Education Security Team’s Effectiveness
We recently had the opportunity to sit down with Adam Elliott to discuss why his team chose Rapid7 and how our solution has increased the overall effectiveness of his security team.
4 min
AWS
Securing Buckets with Amazon S3 Block Public Access
Amazon Web Services recently introduced a new security enhancement to its cloud storage service: Amazon S3 Block Public Access.
3 min
Incident Detection
5 Tips For Monitoring Network Traffic on Your Network
Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your network traffic analysis (NTA) tool.
4 min
Application Security
How to Defend Against Magecart Using CSP
In this blog, we explain how you can defend against Magecart credit card skimming attacks by using HTTP's Content Security Policy.
1 min
Metasploit
Introducing Metasploit’s First Evasion Modules
Rapid7's Metasploit team is proud to announce we have released the first-ever antivirus evasion module in Metasploit Framework.
2 min
Application Security
The Newegg Breach: PCI Means Nothing to Magecart
Both the British Airways and Newegg breaches occurred at sites that followed data security rules but were not protected against attacks like Magecart.
2 min
Compliance
The British Airways Breach: PCI is Not Enough
Magecart's techniques are sophisticated and worth understanding in detail, especially because they point out a major gap that occurs even with perfect PCI compliance.
3 min
InsightIDR
Detecting Inbound RDP Activity From External Clients
Today, we discuss how to detect inbound RDP activity from external clients.
4 min
Threat Intel
Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
The final section of Kim Zetter's “Countdown to Zero Day” pulls together the many factors that are present in attacks such as Stuxnet.
4 min
Do You Know Your AppSec ROI?
This blog was previously published on blog.tcell.io.
This week has been a pretty interesting week in breaches. With the recent news
of Magecart being the attacker of both Ticketmaster and British Airlines, you
can't help but wonder why companies aren't learning from each other so they
aren't faulted for the same vulnerabilities. The answer in most cases is that
they don’t have the resources available to stay ahead of these attacks. Security
has traditionally been seen as a cost center, but with
5 min
Serverless and the OWASP Top 10
This blog was previously published on blog.tcell.io.
This post kicks off a series we’re doing on serverless security, since it’s one
of the hot trends in application development. Over the next several weeks, I’ll
be writing about what serverless is, what types of applications benefit from it,
and the security considerations you might have when building your application on
bleeding-edge technology.
Serverless model
Serverless computing, sometimes called “Function as a Service” (FaaS), lets you
3 min
5 Ways RASP Will Make Your Pentest Painless
This blog was previously published on blog.tcell.io.
Regardless of the size of company you work for, penetration testing is a
cornerstone of an application security strategy, especially for companies that
need to satisfy certain compliance certifications, such as SOC 2 and PCI DSS.
Pen testing is a simulated attack against your web applications or a traditional
WAF [https://www.rapid7.com/fundamentals/web-application-firewalls/]. By using a
controlled attack plan coupled with runtime applicati
4 min
Cross-Site Scripting (XSS) Can Steal Payment Information from Payment Processors
This blog was previously published on blog.tcell.io.
Just because your payment processor has PCI Level 1 doesn't mean you can ignore
cross-site scripting (XSS)
[https://www.rapid7.com/fundamentals/cross-site-scripting/]. If you handle
money, you process credit cards (since it's pretty hard to email cash). To
prevent fraud, the card industry has created the PCI Data Security Standard
[https://www.pcisecuritystandards.org]. So, if you're processing cards, you'll
be safe if you follow the specifi
3 min
What's Going on in Production Application Security 2018
Today, we released the Security Report for Web Applications
[http://bit.ly/2nZCS7r] (Q2 2018), which identified key threats in real-world web
application traffic in the Amazon Web Services (AWS) and Azure cloud ecosystems.
In evaluating 316 million incidents, it is clear that attacks against the
application are growing in volume and sophistication, and as such, continue to
be a major threat to business.
The majority of web application attacks are the result of overall scanning for
vulnerabilitie