4 min
Automation and Orchestration
What is Penetration Testing?
Synopsis
Penetration testing
or as most people in the IT security field call it, pen testing, is the testing
of software and hardware for vulnerabilities or weaknesses that an attacker
could exploit. In the IT world this usually applies, but is not limited to, PCs,
networks, and web applications. Also known as “red teaming
” pen testing is done
by everyone from government agencies
4 min
IT Ops
Overview of 'online' algorithm using Standard Deviation example
Here at Logentries
we are constantly adding to the options for analysing log generated data. The
query language ‘LEQL’
has a number
of statistical functions and a recent addition has been the new Standard
6 min
Penetration Testing
Establishing an Insider Threat Program for Your Organization
Whether employees realize it or not, they can wreak havoc on internal and
external security protocols. Employees' daily activities (both work and
personal) on their work devices (computers, smartphone, and tablets) or on their
company's network can inflict damage. Often called “insider threats,” employees'
actions, both unintentional or intentional, are worth paying heed to whenever
possible. Gartner's Avivah Litan reported on this thoroughly in her “Best
Practices for Managing Insider Security
3 min
Vulnerability Management
Warning: This Blog Post Contains Multiple Hoorays! #sorrynotsorry
Hooray for crystalware!
I hit a marketer's milestone on Thursday – my first official award ceremony,
courtesy of the folks at Computing Security Awards
, which was held at The Cumberland Hotel
in London. Staying out late on a school night when there's a 16 month old
teething toddler in the house definitely took it's toll the following morning,
but the tiredness was definitely softened by the sweet knowledge that we'd left
the award ceremony brandishing so
4 min
Nexpose
Creating your First Vulnerability Scan: Nexpose Starter Tips
Welcome to Nexpose and the Rapid7 family! This blog is a step by step guide for
new Nexpose customers to show you how to set up your first site, start a scan,
and get your vulnerability management program under way.
First thing's first: A few definitions in Nexpose:
Site: A (usually) physical group of assets; i.e. what you want to scan
Scan Template: The things that your scan will look for and how it does
discovery; i.e. how you scan
Dynamic Asset Group: A filtering of the assets from your s
4 min
Research
NCSAM: Independent Research and IoT
October is National Cyber Security Awareness month and Rapid7 is taking this
time to celebrate security research. This year, NCSAM coincides with new legal
protections for security research under the DMCA and the 30th anniversary of the
CFAA - a problematic law that hinders beneficial security research. Throughout
the month, we will be sharing content that enhances understanding of what
independent security research is, how it benefits the digital ecosystem, and the
challenges that researchers f
5 min
IT Ops
Logging OwnTracks to Logentries
A previous blog
showed how MQTT logs can be sent to Logentries for storage, analysis and how
those logs can be to alert on potential MQTT security threats, as well as to
store and visualize sensor data. This blog follows that by showing how to build
a fully connected IoT system composed of the OwnTracks iOS app as an MQTT
publisher, a Raspberry Pi with Mosquitto embedded as an MQTT messaging broker
and Logentries as
2 min
Nexpose
Patch Tuesday, October 2016
October continues a
long running trend with Microsoft's products where the majority of bulletins (6)
address remote code execution (RCE) followed by elevation of privilege (3) and
information disclosure (1). All of this month's critical bulletins are remote
code execution vulnerabilities, affecting a variety of products and platforms
including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services
and Web Apps, Sharepoint as
4 min
Android
Pokemon Go, Security, and Obsolescence
Pokemon Go started it.
The crusty old house cell phone, which we had years ago ported from a genuine
AT&T land line to a T-Mobile account, suddenly caught the attention of my middle
son.
> "Hey Dad, can I use that phone to catch Pokemon at the park?"
"Sure! Have fun, and don't come back until sundown!"
A few minutes later, he had hunted down his first Pikachu, which apparently
required running around the block in Texas summer heat a few times. Sweat-soaked
but proud, he happily presented hi
5 min
IT Ops
Logging Mosquitto Server logs (from Raspberry Pi) to Logentries
The Internet is evolving and part of this is the emerging Internet of Things
(IoT). IoT allows us to use the Internet to seamlessly connect the cyberspace
and real world using physical sensors at huge scale, allowing us to gather and
analyze the data across many domains. It is estimated that there will be 20
billion Things connected to the Internet by 2020, generating an enormous amount
of data.
A previous blog post
3 min
Awards
Rapid7 On Top in SANS Top 20 Critical Security Controls
Being great is, well… great, right? But as we all know it doesn't happen in a
vacuum, it's an equation:
Greatness = Individual Excellence + Teamwork + Meaningful Customer Relationships
Coincidentally (or not), these items make up three of the five core values we
strive towards here at Rapid7 – the other two play a role as well in
‘Disciplined Risk Taking' and ‘Continuous Learning', but we all know blog posts
need three things, it's some sort of Internet rule. Now, let's be honest, public
displ
3 min
Komand
How Security Orchestration and Automation Saves up to 83% of Time Spent Investigating Alerts
You have the tools to detect and notify your team about security threats. You’ve
hired the best security practitioners who know what an effective security
posture looks like. You’re all set to stop attackers from compromising your
systems.
Just one more thing: How can you maximize the value of these resources,
especially in the face of complex threats and a huge volume of alerts?
While processes can go a long way in harmonizing your tools and personnel to
accelerate tedious tasks such as alert
2 min
Nexpose
New and Improved Policy Manager
This year we've made many enhancements to the configuration policy assessment
capabilities in Nexpose, including adding 4 new reports and NIST 800-53
controls
mapping . Last
week we unveiled a new and improved user interface for the Policy Manager,
providing you with more information on your compliance position at your
fingertips.
With the new interface, you can quickly see how compliant you are overall,
understand where you need to
7 min
Vulnerability Disclosure
R7-2016-07: Multiple Vulnerabilities in Animas OneTouch Ping Insulin Pump
Today we are announcing three vulnerabilities in the Animas OneTouch Ping
insulin pump system, a popular pump with a blood glucose meter that services as
a remote control via RF communication. Before we get into the technical details,
we want to flag that we believe the risk of wide scale exploitation of these
insulin pump vulnerabilities is relatively low, and we don't believe this is
cause for panic. We recommend that users of the devices consult their healthcare
providers before making major
3 min
Automation and Orchestration
Cross Site Scripting (XSS) Attacks
Synopsis
Cross Site Scripting (XSS) Attacks
are the second
category of the three largest web attacks used today. Here, we’ll set up a node
server to demonstrate an XSS attack, see browser based XSS prevention, and
finally discuss what further exploits exist based on this attack.
Setup
Here’s our normal, tiny node server to demonstrate XSS.
Create the file server.js as follows:
var http = require('http');
var url = require('url');