6 min
Application Security
OWASP TOP 10 API Security Risks: 2023!
The OWASP Top 10 API Security Risks is a list of the highest priority API based threats in 2023. In this blog, we detail each item on the list.
4 min
Application Security
API Security: Best Practices for a Changing Attack Surface
APIs have become a large part of the application attack surface, making API security a critical consideration.
11 min
Application Security
XSS in JSON: Old-School Attacks for Modern Applications
This post highlights how cross-site scripting has adapted to today’s modern web applications, specifically the API and JavaScript Object Notation (JSON).
10 min
Detection and Response
Unlocking the Power of the InsightIDR Threat API, Part 2
In this post, we’ll demonstrate how to scrape a few sites for possible bad actors using InsightIDR.
13 min
InsightIDR
Import External Threat Intelligence with the InsightIDR Threats API
In this blog, we explain how to automate updating threat feeds in InsightIDR using the REST API.
2 min
InsightConnect
APIs + SDKs = The Plugin Dream Team
In this blog, we will talk about one of our favorite pairings: application programming interfaces (APIs) and software development kits (SDKs).
5 min
InsightAppSec
New Features: Rapid7 Launches Public API For InsightAppSec
Rapid7 is pleased to announce the newest addition to your application security toolkit on the Rapid7 Insight platform: the public API in our DAST solution, InsightAppSec.
7 min
API
Your Guide to InsightVM’s RESTful API
A Security Automation-Focused API for Forward-Thinking Vulnerability Management
Released in January of 2018, Rapid7 InsightVM
[https://www.rapid7.com/products/insightvm/]’s API version 3—the RESTful API
[/2018/01/18/a-restful-api-for-insightvm/]—was a highly anticipated, perhaps
somewhat inconspicuous, addition to our vulnerability management solution
[https://www.rapid7.com/solutions/vulnerability-management/]. Introduced as a
successor to previous API versions, the RESTful API was designed for
4 min
InsightVM
A RESTful API for InsightVM
With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks
to genre-bending vulnerabilities like Meltdown and Spectre
[/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/]
the future would seem a bit blurry. Louis Pasteur
[https://en.wikiquote.org/wiki/Louis_Pasteur] is attributed with the quote:
“Chance favors the prepared mind.” Pasteur’s work precedes information security
as we know it today by a century, but as an individu
6 min
API
AppSpider's Got Swagger: The first end-to-end security testing for REST APIs
We are thrilled to announce a major new innovation in application security
testing. AppSpider is the first Dynamic Application Security Testing (DAST)
solution capable of testing Swagger-enabled APIs. Swagger is one of the most
popular frameworks for building APIs and the ability to test Swagger-enabled
APIs is not only a huge time savings for application security testing experts,
but also enables Rapid7 customers to more rapidly reduce risk.
Why does this matter?
Modern applications make liber
1 min
Application Security
Top 3 Takeaways from the "Skills Training: How to Modernize your Application Security Software" Webcast
In a recent webcast, Dan Kuykendall [/author/dan-kuykendall/], Senior Director
of Application Security Products at Rapid7, gave his perspective on how security
professionals should respond to applications, attacks, and attackers that are
changing faster than security technology. What should you expect for your
application security solutions and what are some of the strategies you can use
to effectively update your program? Read on for the top takeaways from the
webcast “Skills Training: How to M
3 min
Microsoft
UserInsight Integrates with Microsoft's New Office 365 API to Detect Intruders
If you are at the RSA Conference this week, you may have seen Microsoft's
keynote announcing the new Office 365 Activity Feed API this morning. In case
you missed it, Microsoft summarized the announcement in a blog post. The new
Management Activity API is a RESTful API that provides an unprecedented level of
visibility into all user and admin transactions within Office 365.
Rapid7 got early access to this technology through Microsoft Technology Adoption
Program and is one of the first companies
4 min
AppSpider
Modernize Your Application Security Scanning in Four Easy Steps
You've built modern mobile and rich internet applications (RIAs) that are sure
to improve your business' next major revenue stream. Conscious of security,
you've ensured that the native application authenticates to the server, and
you've run the app through a web application security scanner to identify
weaknesses in the code. Those vulnerabilities have been remediated, and now
you're ready to go live.
Not so fast.
Despite your best intentions, chances are good your mobile and rich internet
ap
2 min
Nexpose
Nexpose API: SiteSaveRequest and IP Addresses vs Host Names
With the release of Nexpose 5.11.1
[https://help.rapid7.com/nexpose/en-us/release-notes/] we made some changes
under the hood that improved scan performance and scan integration performance.
As a result of those changes, the rules applied to using SiteSaveRequest in API
1.1 became stricter, which may have caused issues for some users. In the past
this "worked" for the most part, though there were certainly side effects
observable in the Web interface after the fact. Since these issues were not
a
2 min
Nexpose
Site Consolidation with the Nexpose Gem
The introduction of the scan export/import feature opens up the ability to merge
sites, at least through the Ruby gem.
Imagine a scenario where you had split up your assets into several sites, but
now you realize it would be easier to manage them if you just merge them into
one. Maybe you have duplicate assets across sites and that wasn't your intent.
The script below allows you to merge multiple sites into one. It replays the
scans from each site into the new one (in just a fraction of the amou