Lucene search
+L

119 matches found

Debian CVE
Debian CVE
added 2023/02/01 12:0 a.m.71 views

CVE-2022-4206

Removed by vendor...

6.5CVSS6.6AI score0.00636EPSS
Exploits1
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.4 views

GitLab CE/EE 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from its DAST API...

6.5CVSS6.4AI score0.00636EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/12/01 12:0 a.m.47 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (3cde510a-7135-11ed-a28b-bff032704f00)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3cde510a-7135-11ed-a28b-bff032704f00 advisory. - Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP...

9.3CVSS6.2AI score0.01074EPSS
Exploits9References12
FreeBSD
FreeBSD
added 2022/11/02 12:0 a.m.45 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS with CSP-bypass via scoped labels' color Maintainer can leak Datadog API key by changing integration URL Uncontrolled resource consumption when parsing URLs Issue HTTP requests when users view an OpenAPI...

9CVSS0.7AI score0.86326EPSS
Exploits2References1
Rapid7 Blog
Rapid7 Blog
added 2022/04/21 3:18 p.m.26 views

Rapid7 Named a Visionary in 2022 Magic Quadrant™ for Application Security Testing Second Year in a Row

For the second year in a row, Rapid7 has been named a Visionary in the Gartner® 2022 Magic Quadrant for Application Security Testing. We believe we accomplished this by combining an industry-leading dynamic application security testing DAST solution with container and cloud security, security...

Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/04/15 2:22 p.m.278 views

Let's Dance: InsightAppSec and tCell Bring New DevSecOps Improvements in Q1

To the left, to the left, to the right, right — the CI/CD Pipeline is on the move. DevSecOps is all about adding security across the application lifecycle. A popular approach to application security is to shift left, which means moving security earlier in the software development lifecycle SDLC...

9.3CVSS0.1AI score0.99999EPSS
Exploits448
Rapid7 Blog
Rapid7 Blog
added 2022/03/02 5:29 p.m.30 views

InsightAppSec GitHub Integration Keeps Risky Code From Reaching Production

We've all been there. The software development life cycle SDLC is moving at a mile a minute. Developers are writing code, updating features, and all the while attempting to keep everything introduced into production as safe and secure as possible. GitHub Actions are essential to automation and...

0.1AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/02/15 3:16 p.m.294 views

How InsightAppSec Detects Log4Shell: Your Questions Answered

If you’re reading this, that means you survived the year 2021, so congratulations! For everyone in the software industry, and especially those in cybersecurity, the past 12 months probably felt like 12 rounds in the ring. Remember the Solarwinds attack and the resulting scramble to mitigate suppl...

9.3CVSS0.4AI score0.99999EPSS
Exploits355
Rapid7 Blog
Rapid7 Blog
added 2021/08/02 1:16 p.m.144 views

3 Steps to Integrate Rapid7 Products Into the DevSecOps Cycle

DevSecOps is the concept and practice of integrating security into the DevOps cycle. The idea is to bring the different phases of security into the DevOps model and try to automate the entire process, so security is integrated directly into the initial application builds. In this post, we’ll take...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/06/07 7:46 p.m.127 views

Action! Start putting automation into practice.

Augmented reality No, not that augmented reality. In our new blog series, we’ll talk about the challenges of leveraging automation and actually putting it into practice for your organization and business. We’ll discuss how it can augment a security organization’s workflow in so many ways when don...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/02/18 2:22 p.m.51 views

Securing Your Web App, One Robot at a Time

Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to tens of thousands of attacks a month. While that sounds like a reason to immediately pull the plug and find a safe space to hide, these are likely spread across the...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2020/10/22 1:16 p.m.23 views

What’s New in InsightAppSec and tCell: Q3 2020 in Review

Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers across our application security portfolio. This includes InsightAppSec, our leading DAST solution, tCell by Rapid7, our next-gen cloud WAF and RASP...

7.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/06/04 11:35 p.m.13 views

Using DAST to Expand DevOps Security Coverage

The state of application security is constantly evolving with changing web architectures and approaches. These changes are making security teams employ a wider range of techniques and toolsets to find vulnerabilities within their applications. Web and mobile applications each present their own...

1.3AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/03/22 8:20 p.m.153 views

A few words about Gartner’s “Magic Quadrant for Application Security Testing” 2018

February and March are the hot months for marketing reports. I already wrote about IDC and Forrester reports about Vulnerability Management-related markets. And this Monday, March 19, Gartner released new "Magic Quadrant for Application Security Testing". You can buy it on the official website fo...

7.1AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2017/11/08 1:21 a.m.75 views

From Regular Expressions to AI

Three generations of attack detection methodology The oldest and well-studied approach is based on signatures and heuristics. From before the internet times, this approach was implemented in most kinds of detection systems from firewalls to anti-viruses. The second genera- tion represents an...

7AI score
Exploits0
Kitploit
Kitploit
added 2017/10/07 1:54 p.m.13 views

WebBreaker - Dynamic Application Security Test Orchestration (DASTO)

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

7.7AI score
Exploits0References10
n0where
n0where
added 2017/09/19 5:48 a.m.64 views

Dynamic Application Security Test Orchestration: Webbreaker

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

Exploits0References10
rapid7community
rapid7community
added 2017/07/19 1:36 p.m.88 views

Introducing InsightAppSec: Cloud-powered Application Security Testing

Rapid7 announces today the launch of InsightAppSec, the newest product to be delivered on the Insight platform. InsightAppSec combines the power and accuracy of Rapid7s industry-leading and proven Dynamic Application Security Testing DAST engine with the quick deployment, scalability, and...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/05 7:24 p.m.194 views

Lessons Learned from SQL Injection Fix in Joomla 3.7.0

The Joomla community recently patched a SQL injection vulnerability introduced in Joomla 3.7.0. The article reporting this vulnerability explains how to identify the vulnerability which was discovered via static code analysis and how to craft an attack, e.g...

4.3CVSS7.4AI score0.00933EPSS
Exploits0
Rows per page
Query Builder