Posts tagged API

OWASP TOP 10 API Security Risks: 2023!

The OWASP Top 10 API Security Risks is a list of the highest priority API based threats in 2023. In this blog, we detail each item on the list.

4 min Application Security

API Security: Best Practices for a Changing Attack Surface

APIs have become a large part of the application attack surface, making API security a critical consideration.

11 min Application Security

XSS in JSON: Old-School Attacks for Modern Applications

This post highlights how cross-site scripting has adapted to today’s modern web applications, specifically the API and Javascript Object Notation (JSON).

10 min Detection and Response

Unlocking the Power of the InsightIDR Threat API, Part 2

In this post, we’ll demonstrate how to scrape a few sites for possible bad actors using InsightIDR.

13 min InsightIDR

Import External Threat Intelligence with the InsightIDR Threats API

In this blog, we explain how to automate updating threat feeds in InsightIDR using the REST API.

2 min InsightConnect

APIs + SDKs = The Plugin Dream Team

In this blog, we will talk about one of our favorite pairings: application programming interfaces (APIs) and software development kits (SDKs).

5 min InsightAppSec

New Features: Rapid7 Launches Public API For InsightAppSec

Rapid7 is pleased to announce the newest addition to your application security toolkit on the Rapid7 Insight platform: the public API in our DAST solution, InsightAppSec.

7 min API

Your Guide to InsightVM’s RESTful API

A Security Automation-Focused API for Forward-Thinking Vulnerability Management Released in January of 2018, Rapid7 InsightVM [https://www.rapid7.com/products/insightvm/]’s API version 3—the RESTful API [/2018/01/18/a-restful-api-for-insightvm/]—was a highly anticipated, perhaps somewhat inconspicuous, addition to our vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management/]. Introduced as a successor to previous API versions, the RESTful API was designed for

4 min InsightVM

A RESTful API for InsightVM

With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks to genre-bending vulnerabilities like Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/] the future would seem a bit blurry. Louis Pasteur [https://en.wikiquote.org/wiki/Louis_Pasteur] is attributed with the quote: “Chance favors the prepared mind.” Pasteur’s work precedes information security as we know it today by a century, but as an an individu

6 min API

AppSpider's Got Swagger: The first end-to-end security testing for REST APIs

We are thrilled to announce a major new innovation in application security testing. AppSpider is the first Dynamic Application Security Testing (DAST) solution capable of testing Swagger-enabled APIs. Swagger is one of the most popular frameworks for building APIs and the ability to test Swagger-enabled APIs is not only a huge time savings for application security testing experts, but also enables Rapid7 customers to more rapidly reduce risk. Why does this matter? Modern applications make liber

1 min Application Security

Top 3 Takeaways from the "Skills Training: How to Modernize your Application Security Software" Webcast

In a recent webcast, Dan Kuÿkendall [/author/dan-kuykendall/], Senior Director of Application Security Products at Rapid7, gave his perspective on how security professionals should respond to applications, attacks, and attackers that are changing faster than security technology. What should you expect for your application security solutions and what are some of the strategies you can use to effectively update your program? Read on for the top takeaways from the webcast “Skills Training: How to M

3 min Microsoft

UserInsight Integrates with Microsoft's New Office 365 API to Detect Intruders

If you are at the RSA Conference this week, you may have seen Microsoft's keynote announcing the new Office 365 Activity Feed API this morning. In case you missed it, Microsoft summarized the announcement in q blog post. The new Management Activity API is a RESTful API that provides an unprecedented level of visibility into all user and admin transactions within Office 365. Rapid7 got early access to this technology through Microsoft Technology Adoption Program and is one of the first companies

4 min AppSpider

Modernize Your Application Security Scanning in Four Easy Steps

You've built modern mobile and rich internet applications (RIAs) that are sure to improve your business' next major revenue stream. Conscious of security, you've ensured that the native application authenticates to the server, and you've run the app through a web application security scanner to identify weaknesses in the code. Those vulnerabilities have been remediated, and now you're ready to go live. Not so fast. Despite your best intentions, chances are good your mobile and rich internet ap

2 min Nexpose

Nexpose API: SiteSaveRequest and IP Addresses vs Host Names

With the release of Nexpose 5.11.1 [https://help.rapid7.com/nexpose/en-us/release-notes/] we made some changes under the hood that improved scan performance and scan integration performance. As a result of those changes, the rules applied to using SiteSaveRequest in API 1.1 became stricter, which may have caused issues for some users. In the past this "worked" for the most part, though there were certainly side effects observable in the Web interface after the fact. Since these issues were not a