3 min
Application Security
Application Security Takes Center Stage in this Year’s Verizon Data Breach Investigations Report
In recent years, web applications have become the biggest target for attacks, as they’re the easiest way for hackers to gain access to valuable information.
6 min
Verizon DBIR
Dancing With the Breaches: A Quick Step Through the 2020 Verizon Data Breach Investigations Report (DBIR)
In this blog, the Rapid7 Labs team has you covered with our annual Reader’s Guide for the 2020 Verizon Data Breach Investigations Report.
7 min
Verizon DBIR
2017 Verizon Data Breach Report (DBIR): Key Takeaways
The much-anticipated, tenth-anniversary edition of the Verizon DBIR has been
released (http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/),
once again providing a data-driven snapshot into what topped the cybercrime
charts in 2016. There are just under seventy-five information-rich pages to go
through, with topics ranging from distributed denial-of-service (DDoS)
[https://www.rapid7.com/fundamentals/denial-of-service-attacks/] to ransomware,
prompting us to spin a reprise edition o
4 min
Malware
Attackers Take Advantage Of The Options You Give Them - Malware vs. Credentials
When InsightIDR was purpose-built to detect compromised credentials in the first
months of 2014, we did so because we had identified a significant gap in the
detection solutions then available to security teams. The 2014 Verizon DBIR
happened to quantify the size of this gap shortly afterward (and the 2015 and
2016 editions repeated the finding). User behavior analytics, as an industry,
emerged to cover this gap in SIEM and other solutions. This does not mean that
malware is not heavily used in attacks today, but
4 min
Verizon DBIR
2016 Verizon Data Breach Report: Vulnerability Management Takeaways
This year's 2016 Verizon Data Breach Investigations Report
[http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/] has plenty of
juicy data to pore over, and for the past week we've been providing
recommendations for ways to improve your security program and stop attackers.
The report didn't provide any huge surprises, except for the fact that
everything that was bad just keeps getting worse. Thus, we've had some great
posts from my teammates focused on the Verizon Data Breach Investig
2 min
Exploits
Social Attacks in Web App Hacking - Investigating Findings of the DBIR
This is a guest post from Shay Chen [https://twitter.com/sectooladdict], an
Information Security Researcher, Analyst, Tool Author and Speaker. The guy
behind TECAPI [http://tecapi.com/public/relative-vulnerability-rating-gui.jsp],
WAVSEP [https://github.com/sectooladdict/wavsep] and WAFEP
[https://sourceforge.net/projects/wafep/] benchmarks.
Are social attacks that much easier to use, or is it the technology gap of
exploitation engines that make social attacks more appealing?
While reading t
3 min
Application Security
3 Web App Sec-ian Takeaways From the 2016 DBIR
This year's 2016 Verizon Data Breach Report
[/2016/05/02/web-application-security-insights-from-the-2016-verizon-dbir] was a
great read. As I spend my days exploring web application security, the report
provided a lot of great insight into the space that I often frequent. Lately, I
have been researching out of band and second order vulnerabilities as well as
how Single Page Applications are affecting application security programs. The
following three takeaways are my gut reaction thoughts on th
2 min
Verizon DBIR
The 2016 Verizon Data Breach Investigations Report (DBIR) - A Web Application Security Perspective
The 2016 Verizon Data Breach Investigations Report
[http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/] (DBIR) is out
and everyone is poring over the report to see what new insights we can take from
last year's incidents and breaches. We have not only created this post to look
at some primary application security takeaways, but we also have gathered guest
posts from industry experts. Keep checking back this week to hear from people
living at the front lines of web application secur
7 min
Verizon DBIR
The 2016 Verizon Data Breach Investigations Report (DBIR) Summary - The Defender's Perspective
Verizon has released the latest edition
[https://www.verizon.com/business/resources/reports/dbir/] of its annual Data
Breach Investigations Report (DBIR). Its crack team of researchers has, once
again, produced one of the most respected, data-driven reports in cyber
security, sifting through submissions from 67 contributors and taking a deep
dive into 64,000 incidents—and nearly 2,300 breaches—to help provide insight on
what our adversaries are up to and how successful they've been.
The DBIR is a
2 min
Verizon DBIR
Getting Started with VERIS
We did a webcast with @hrbrmstr [https://twitter.com/hrbrmstr] and @gdbassett
[http://twitter.com/gdbassett] from the Verizon team last week, discussing how
to get started with VERIS, the Vocabulary for Event Recording and Incident Sharing.
If you missed that webcast, check it out!
[https://information.rapid7.com/understanding-veris-the-dbirs-secret-decoder-ring.html?CS=blog]
If you joined us, thanks for coming out. We've attached an Excel spreadsheet
with a couple of examples to help you get started at
2 min
Verizon DBIR
What is VERIS?
Data driven security is all the rage, and laughably few of us encode and analyze
our programs… and for good reason. It isn't easy. This post will talk about
VERIS, a framework for describing security incidents in a precise way.
We all have a plan, a security program, compliance regulations, and super busy
calendars—but what is working? The answer is hidden in plain sight, it just
needs to be analyzed. And this is why we all love the DBIR.
If you aren't familiar with Verizon's DBIR (Data Breach
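To make "describing incidents in a precise way" concrete, here is an added example (not code from either VERIS post, from Rapid7 or from Verizon) that encodes three constructed incidents in VERIS's A4 skeleton (actor, action, asset, attribute), checks that each record has that skeleton, and tallies threat-action varieties once per incident, which is the kind of count behind a DBIR "most common threat action" finding. The enumeration strings used ("Use of stolen creds", "S - Web application", and so on) follow the public VERIS JSON schema as I recall it and should be treated as assumptions to verify against the schema in the vz-risk/veris repository before you encode real incidents.

```python
"""Encode incidents in VERIS's A4 structure and tally them DBIR-style.

Added example for this page, not Rapid7's or Verizon's code. Field names and
enumeration strings follow the public VERIS JSON schema as I understand it
(assumption: check them against https://github.com/vz-risk/veris before
encoding real incidents). The three incidents below are constructed.
"""
from collections import Counter
import json

# Constructed, VERIS-style records. A4 = who (actor) did what (action) to
# which asset, affecting which attribute (confidentiality/integrity/availability).
INCIDENTS = [
    {
        "incident_id": "example-0001",
        "security_incident": "Confirmed",
        "actor": {"external": {"motive": ["Financial"], "variety": ["Organized crime"]}},
        "action": {
            "social": {"variety": ["Phishing"], "vector": ["Email"]},
            "hacking": {"variety": ["Use of stolen creds"], "vector": ["Web application"]},
        },
        "asset": {"assets": [{"variety": "S - Web application"}]},
        "attribute": {"confidentiality": {"data_disclosure": "Yes"}},
    },
    {
        "incident_id": "example-0002",
        "security_incident": "Confirmed",
        "actor": {"external": {"motive": ["Financial"], "variety": ["Organized crime"]}},
        "action": {
            "hacking": {"variety": ["Brute force", "Use of stolen creds"],
                        "vector": ["Web application"]},
        },
        "asset": {"assets": [{"variety": "S - Web application"}]},
        "attribute": {"confidentiality": {"data_disclosure": "Yes"}},
    },
    {
        "incident_id": "example-0003",
        "security_incident": "Confirmed",
        "actor": {"internal": {"variety": ["End-user"]}},
        "action": {"error": {"variety": ["Misdelivery"], "vector": ["Email"]}},
        "asset": {"assets": [{"variety": "U - Desktop"}]},
        "attribute": {"confidentiality": {"data_disclosure": "Yes"}},
    },
]

# The A4 keys every record needs, plus the VERIS action categories (assumed
# from the public schema).
REQUIRED = ("incident_id", "actor", "action", "asset", "attribute")
ACTION_CATEGORIES = {"malware", "hacking", "social", "misuse",
                     "physical", "error", "environmental", "unknown"}


def validate(incident):
    """Return a list of problems; an empty list means the A4 skeleton is present."""
    problems = [f"missing {key}" for key in REQUIRED if key not in incident]
    for category in incident.get("action", {}):
        if category not in ACTION_CATEGORIES:
            problems.append(f"unknown action category {category!r}")
    return problems


def count_action_varieties(incidents):
    """Tally (category, variety) pairs once per incident.

    Counting each pair at most once per incident, rather than once per
    occurrence, keeps a single verbose record from skewing the totals.
    """
    counts = Counter()
    for incident in incidents:
        seen = set()
        for category, detail in incident.get("action", {}).items():
            for variety in detail.get("variety", []):
                seen.add((category, variety))
        counts.update(seen)
    return counts


def top_threat_action(incidents):
    """The most common (category, variety) pair and its count, or None if empty."""
    ranked = count_action_varieties(incidents).most_common(1)
    return ranked[0] if ranked else None


if __name__ == "__main__":
    for record in INCIDENTS:
        problems = validate(record)
        assert not problems, (record["incident_id"], problems)
    print(json.dumps(count_action_varieties(INCIDENTS).most_common(), indent=1))
    print("top threat action:", top_threat_action(INCIDENTS))
```

Run it and the tally puts "Use of stolen creds" on top with two incidents, which is exactly how the 2014 DBIR finding quoted later on this page is produced once enough organizations encode their incidents the same way; the `validate` step is what keeps a pile of such records comparable in the first place.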
2 min
Authentication
Top 3 Takeaways from "9 Top Takeaways from the Verizon Data Breach Investigations Report"
Hi, I'm Kelly Garofalo – you may know me as the voice of the moderator in most
of our security webcasts. (You know, the one that tells you about how you can
snag CPE credits for joining us and sends you a nice follow-up so that you can
access more wonderful webcasts and content.) I'm excited to bring you the top
takeaways from our recent webcast, “9 Top Takeaways from the Verizon Data
Breach Investigations Report
[http://information.rapid7.com/9-takeaways-to-verizon-dbir.html?CS=blog]”
(Essentia
2 min
Verizon DBIR
Perspectives on the 2014 Verizon DBIR
Verizon's 2014 Data Breach Investigations Report (DBIR) is here
[http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf].
I love it because each year the DBIR not only provides good insight into
what's taking place before our eyes but also reaffirms my philosophy about
information security: that most security risks originate from a relatively small
number of vulnerabilities. I call these the silly and mostly senseless
low-hanging fruit [http://securityonwheels.blogspo
2 min
Phishing
Stolen passwords - the no. 1 attack vector
The latest Verizon DBIR 2014 report
[http://www.verizonenterprise.com/DBIR/2014/], published last week, clearly
shows that the use of stolen credentials became the most common attack vector
in 2013. In our upcoming webcast
[http://information.rapid7.com/catch-me-if-you-can-webcast-registration.html],
Matt Hathaway [https://community.rapid7.com/people/mhathawa] and I will discuss
how user-based attacks are becoming the no. 1 "threat action" (in Verizon's
words) and how organizations can detect
2 min
Metasploit
Federal Friday - 4.25.14 - A Whole Lot of Oops
Happy Friday, Federal friends! I hope all of you enjoyed some nice family time
over the respective holidays last week. After a successful Marathon Monday here
in Boston we're blessed with chirping birds and blooming flowers (finally)!
As you all probably know by now, Verizon released their latest DBIR
[http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf]
report earlier this week. While this report covered a wide range of topics in
regards to breaches, I