119 matches found
CVE-2022-4206
Removed by vendor...
GitLab CE/EE 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from its DAST API...
FreeBSD : Gitlab -- Multiple Vulnerabilities (3cde510a-7135-11ed-a28b-bff032704f00)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3cde510a-7135-11ed-a28b-bff032704f00 advisory. - Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP...
Gitlab -- Multiple vulnerabilities
Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS with CSP-bypass via scoped labels' color Maintainer can leak Datadog API key by changing integration URL Uncontrolled resource consumption when parsing URLs Issue HTTP requests when users view an OpenAPI...
Rapid7 Named a Visionary in 2022 Magic Quadrant™ for Application Security Testing Second Year in a Row
For the second year in a row, Rapid7 has been named a Visionary in the Gartner® 2022 Magic Quadrant for Application Security Testing. We believe we accomplished this by combining an industry-leading dynamic application security testing DAST solution with container and cloud security, security...
Let's Dance: InsightAppSec and tCell Bring New DevSecOps Improvements in Q1
To the left, to the left, to the right, right — the CI/CD Pipeline is on the move. DevSecOps is all about adding security across the application lifecycle. A popular approach to application security is to shift left, which means moving security earlier in the software development lifecycle SDLC...
InsightAppSec GitHub Integration Keeps Risky Code From Reaching Production
We've all been there. The software development life cycle SDLC is moving at a mile a minute. Developers are writing code, updating features, and all the while attempting to keep everything introduced into production as safe and secure as possible. GitHub Actions are essential to automation and...
How InsightAppSec Detects Log4Shell: Your Questions Answered
If you’re reading this, that means you survived the year 2021, so congratulations! For everyone in the software industry, and especially those in cybersecurity, the past 12 months probably felt like 12 rounds in the ring. Remember the Solarwinds attack and the resulting scramble to mitigate suppl...
3 Steps to Integrate Rapid7 Products Into the DevSecOps Cycle
DevSecOps is the concept and practice of integrating security into the DevOps cycle. The idea is to bring the different phases of security into the DevOps model and try to automate the entire process, so security is integrated directly into the initial application builds. In this post, we’ll take...
Action! Start putting automation into practice.
Augmented reality No, not that augmented reality. In our new blog series, we’ll talk about the challenges of leveraging automation and actually putting it into practice for your organization and business. We’ll discuss how it can augment a security organization’s workflow in so many ways when don...
Securing Your Web App, One Robot at a Time
Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to tens of thousands of attacks a month. While that sounds like a reason to immediately pull the plug and find a safe space to hide, these are likely spread across the...
What’s New in InsightAppSec and tCell: Q3 2020 in Review
Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers across our application security portfolio. This includes InsightAppSec, our leading DAST solution, tCell by Rapid7, our next-gen cloud WAF and RASP...
Using DAST to Expand DevOps Security Coverage
The state of application security is constantly evolving with changing web architectures and approaches. These changes are making security teams employ a wider range of techniques and toolsets to find vulnerabilities within their applications. Web and mobile applications each present their own...
A few words about Gartner’s “Magic Quadrant for Application Security Testing” 2018
February and March are the hot months for marketing reports. I already wrote about IDC and Forrester reports about Vulnerability Management-related markets. And this Monday, March 19, Gartner released new "Magic Quadrant for Application Security Testing". You can buy it on the official website fo...
From Regular Expressions to AI
Three generations of attack detection methodology The oldest and well-studied approach is based on signatures and heuristics. From before the internet times, this approach was implemented in most kinds of detection systems from firewalls to anti-viruses. The second genera- tion represents an...
WebBreaker - Dynamic Application Security Test Orchestration (DASTO)
Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...
Dynamic Application Security Test Orchestration: Webbreaker
Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...
Introducing InsightAppSec: Cloud-powered Application Security Testing
Rapid7 announces today the launch of InsightAppSec, the newest product to be delivered on the Insight platform. InsightAppSec combines the power and accuracy of Rapid7s industry-leading and proven Dynamic Application Security Testing DAST engine with the quick deployment, scalability, and...
Lessons Learned from SQL Injection Fix in Joomla 3.7.0
The Joomla community recently patched a SQL injection vulnerability introduced in Joomla 3.7.0. The article reporting this vulnerability explains how to identify the vulnerability which was discovered via static code analysis and how to craft an attack, e.g...