3 min
Application Security
RASP 101: What Is Runtime Application Self-Protection?
If your organization isn't using a runtime application self-protection (RASP) tool to protect your applications, here's what you need to know.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/30/19
Back to school blues
Summer is winding down and while our for contributions haven't dropped off
(thanks y'all!), we've been tied up with events and a heap of research. Don't
despair, though: our own Brent Cook, Pearce Barry,
Jeffrey Martin, and Matthew Kienow
will be at DerbyCon 9 running the Metasploit
Town Hall at noon Friday. They'll be delivering a community update and answering
questions, so be sur
1 min
Penetration Testing
This One Time on a Pen Test: Nerds in the NERC
Here is the story of how we gained access to a NERC CIP control room in a power plant as part of a penetration testing engagement.
5 min
Cloud Infrastructure
How to Set Up InsightVM in Your Google Cloud Environment
In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM, in your Google Cloud and how to tweak it for your environment.
3 min
Application Security
Application Security 101: The Importance of DevSecOps in AppSec
In this blog, we will share some insightful tips on all things application security and DevSecOps.
7 min
InsightVM
Summer Security Fundamentals Recap: Vulnerability Management
In this blog, we share with you key takeaways from our recent vulnerability management panel, along with tips for creating a successful VM program.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/23/19
A LibreOffice file format exploit, plus improvements to TLS and CredSSP-based fingerprinting.
2 min
Penetration Testing
This One Time on a Pen Test: Missed a Spot
In this penetration testing story, Ted Raffle discusses how even strong security controls and threat mitigation can miss the mark when only one or two systems fall through the cracks.
4 min
Application Security
How to Prevent Cross-Site Scripting (XSS) Attacks
Cross-site scripting (XSS) isn’t new, but its impact and visibility are both growing. Here’s what you need to know to protect them from XSS attacks.
12 min
Penetration Testing
Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon
Recently, we gave our customers the opportunity to ask members of our penetration testing services team any burning questions they have.
5 min
Managed Detection and Response (MDR)
How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign
In this blog post, Rapid7's MDR services team outlines a unique phishing campaign that utilizes a novel method of scraping organizations’ branded Microsoft 365 tenant login pages to produce highly convincing credential harvesting pages.
8 min
AWS
Automating the Cloud: AWS Security Done Efficiently
Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 8/16/19
Hacker Summer Camp
Last week, the Metasploit team flew out to sunny, hot, and dry Las Vegas for
Hacker Summer Camp (Black Hat, BSidesLV, and DEF CON). It was a full week of
epic hacks, good conversation, and even a little business!
If you managed to catch us at our Open Source Office Hours (previously
OSSM, the Open Source Security Meetup) in Bally's, we just wanted to say
thanks for making the trek through the
2 min
Penetration Testing
This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold
Here is the story of how I used a simple SQL injection attack to compromise a healthcare portal.
3 min
InsightConnect
Responding to Cloud-Based Security Incidents with InsightConnect: AWS Security Hub
In this post, we’ll show you firsthand how security orchestration and automation (SOAR) helps teams accelerate their response to cloud-based threats.