Posts by Rapid7

3 min Automation and Orchestration

Cross Site Scripting (XSS) Attacks

Synopsis Cross Site Scripting (XSS) Attacks [https://www.rapid7.com/fundamentals/cross-site-scripting/] are the second category of the three largest web attacks used today. Here, we’ll set up a node server to demonstrate an XSS attack, see browser based XSS prevention, and finally discuss what further exploits exist based on this attack. Setup Here’s our normal, tiny node server to demonstrate XSS. Create the file server.js as follows: var http = require('http'); var url = require('url');

7 min Komand

Defender Spotlight: Mike Arpaia of Kolide

Welcome to Defender Spotlight! In this monthly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. In this edition, we spoke with Mike Arpaia, the Co-Founder and CSO of Kolide [https://kolide.co/]. Mike is the original creator of osquery [https://osquery.io/], which he created, open-sourced, and widely deployed while work
6 min Automation and Orchestration

SQL Injection Attacks

Synopsis Let’s examine, understand, and learn how to prevent one of the most common attacks [https://www.rapid7.com/fundamentals/types-of-attacks/] people use to ‘hack’ websites, SQL injection attacks [https://www.rapid7.com/fundamentals/sql-injection-attacks/]. Setup We’ll start by setting up an ultra-lightweight PHP page (server side) connected to a MySQL database, simulating a web application. We need mysql and php. On macOS: $ brew install mysql && brew install php On Linux: Install m
4 min Komand

The Komand Tech Stack: Why We Chose Our Technology

Choosing a technical stack that fits your organization's needs can be tough. When choosing the technology to build your product, there are a few things to consider: * The experience of the team * The impact on recruiting efforts (e.g., how easy will it be to find these skills) * The ability to execute fast and to maintain quality We took all of these points into heavy consideration when choosing the Komand tech stack. Below is a breakdown of what we chose, why we

5 min IT Ops

Moving away from MVC

In of all my years as a software engineer, trying new libraries, frameworks and paradigms has been such a pleasure especially in web development. Even before the well known javascript libraries, web development was based on backend apps which render heavy html code within css and some js code. Frameworks such as spring, .NET MVC, django and rails helped us with abstractions and predone tasks increasing development speed and quality (reuse principles). But, it was not enough. Apps were getting

9 min Komand

Microservices – Please, don’t

This article originally appeared on Basho. [http://basho.com/posts/technical/microservices-please-dont/] It is adapted from a lightning talk Sean gave at the Boston Golang meetup in December of 2015. For a while, it seemed like everyone was crazy for microservices. You couldn’t open up your favorite news aggregator of choice without some company you had never heard of touting how the move to microservices had saved their engineering organization. You may have even worked for one of those compan
5 min Automation and Orchestration

Malware Attack Vectors

Synopsis You’re a malware writer. You’ve been tasked with infecting a remote computer, one that you have never seen before, have no physical contact with, and don’t have the IP address of. Maybe you have the email address of a user of that computer, or just the name of the facility in which that computer is stored. How do you proceed? Hopefully I’m not describing you or someone you know, but sometimes it can be helpful to consider the mindset of an adversary when devising defensive measures. In
3 min InsightIDR

3 Ways for Generating Reports on WAN Bandwidth Utilization

3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.

13 min Automation and Orchestration

OSSEC Series: Configuration Pitfalls

Synopsis: OSSEC is a popular host intrusion and log analysis system. It’s a great tool, and when configured and customized properly it can be a very powerful and holistic addition to your environment. In this article I will list a number of problems I’ve encountered while using OSSEC over the years. Many of these are the result of incomplete documentation. The purpose of this article is to save you time if you’re having trouble getting things working while doing similar tasks. Pitfalls: A gro
5 min IT Ops

Get your work done even faster with the Logentries REST API

Now you can get your work done even faster by automating tasks with the Logentries REST API. With the ability to programmatically query data, manage users, create alerts and integrate third party tools, it’s now easier to finish the job and get on with your day. Table of contents * Query API- Example Usage * Team and User Management API- Example Usage * Tags and Alerts API- Example Usage * LeExportPy- Read More * LeCLI- Read More On-demand Webinar Interested in learning more about the

4 min Automation and Orchestration

Secure Password Storage in Web Apps

Synopsis We like writing web applications. Increasingly, software that might have once run as a desktop application now runs on the web. So how do we properly authenticate users in web contexts? Passwords, of course! Let’s look at how to handle password authentication on the web. What not to do It’s very tempting to use plaintext authentication for web applications. Let’s whip up a quick python web server that we’ll use to test authentication. Let’s say we want to provide access to magic number
5 min Komand

5 Reasons Companies Are Losing Security Talent (And What to Do)

It’s hard enough finding security talent, but losing the talent you already have can be a particularly painful blow. That’s why we’ve put together a quick guide to help you: * Address some of the underlying causes of attrition * Increase retention of your security talent * Solve the security gap at your organization Here are five common talent-retention challenges and how to address them head-on. Challenge #1: Constrained Budgets and Disproportionate Strategy According to Kaspersky Labs, 8
5 min Komand

Filtering and Automated Decisions with PEG.js and React-Mentions

Here at Komand, we needed an intuitive way to filter data from a trigger step.  When automating security operations and processes, sometimes you don’t want a workflow to start on every trigger.  Splunk logs may be firing off millions of events, but running a workflow for each one may not really be what you need.  If we were to set up a privilege escalation rule in Sysdig Falco and index it in Splunk, we would want to run a specific workflow for that rule, but a separate workflow for detecting SQ
5 min IT Ops

Hashing Infrastructures

Engineers in fast moving, medium to large scale infrastructures in the cloud are often faced with the challenge of bringing up systems in a repeatable, fast and scalable way. There are currently tools which aid engineers in accomplishing this task e.g. Convection, Terraform, Saltstack, Chef, Ansible, Docker. Once the system is brought up there is a maintenance challenge of continually deploying and destroying the resources. What if we can hash the inputs for describing an infrastructure, where
3 min Komand

Defining the Roles & Responsibilities of Your Security Team

Muddling together security responsibilities often leads to tasks falling through the cracks. Instead, organizations should be as clear as possible about which member of the security staff is responsible for which tasks. Moreover, the division of those tasks should reflect the unique capabilities and strengths of each team member. For instance, SOC personnel should be given tasks that require immediate attention, such as alert handling and incident response. Security engineers, on the other hand

Popular Topics

Tags