22 matches found

Wiz blog
added 2026/05/26 12:45 p.m. | 8 views

State of SDLC Security 2026: How Risk Scales in Modern Development

Insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security...

AI score: 5.8
Exploits: 0

The Hacker News
added 2024/07/25 11:20 a.m. | 36 views

6 Types of Applications Security Testing You Must Know About

Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the...

AI score: 8.2
Exploits: 0

Pen Test Partners Blog
added 2023/09/07 5:32 a.m. | 24 views

Information disclosure through insecure design

Introduction Insecure design can lead to many issues. The Software Development Life Cycle SDLC should contain steps to evaluate and consider security throughout the process. Several recent web application and API tests have revealed a common issue of responses containing too much data, and leakin...

AI score: 6.7
Exploits: 0

The Hacker News
added 2022/12/01 11:13 a.m. | 28 views

What Developers Need to Fight the Battle Against Common Vulnerabilities

Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and...

AI score: 8.1
Exploits: 0

Rapid7 Blog
added 2022/08/01 1:58 p.m. | 20 views

Shift Left: Secure Your Innovation Pipeline

There’s no shortage of buzzwords in the tech world. Some are purely marketing spin. But others are colloquial ways for the industry to talk about complex topics that have a massive impact on how organizations and teams drive innovation and work more efficiently. Here at Rapid7, we believe the...

Exploits: 0

Rapid7 Blog
added 2022/07/18 2:0 p.m. | 18 views

Deploy tCell More Easily With the New AWS AMI Agent

Rapid7's tCell is a powerful tool that allows you to monitor risk and protect web applications and APIs in real time. Great! It's a fundamental part of our push to make web application security as strong and comprehensive as it needs to be in an age when web application attacks account for roughl...

AI score: 7.2
Exploits: 0

Rapid7 Blog
added 2022/06/29 2:9 p.m. | 25 views

Application Security in 2022: Where Are We Now?

It’s always a good thing to take a step back every once in a while to take the lay of the land. Like you, we are always working at a breakneck pace to help secure the web applications being built today and ready ourselves to secure the innovations of the future. When Forrester put out The State o...

AI score: 7.3
Exploits: 0

The Hacker News
added 2022/06/06 12:20 p.m. | 21 views

Be Proactive! Shift Security Validation Left

"Shifting security" left approach in Software Development Life Cycle SDLC means starting security earlier in the process. As organizations realized that software never comes out perfectly and are riddled with many exploitable holes, bugs, and business logic vulnerabilities that require going back...

AI score: 7.2
Exploits: 0

Rapid7 Blog
added 2022/04/21 3:18 p.m. | 22 views

Rapid7 Named a Visionary in 2022 Magic Quadrant™ for Application Security Testing Second Year in a Row

For the second year in a row, Rapid7 has been named a Visionary in the Gartner® 2022 Magic Quadrant for Application Security Testing. We believe we accomplished this by combining an industry-leading dynamic application security testing DAST solution with container and cloud security, security...

Exploits: 0

Rapid7 Blog
added 2021/11/10 2:26 p.m. | 11 views

tCell by Rapid7 Supports the Newly Released .NET 6.0

We’re excited to share that we've coordinated our recent .NET and .NET Core agent releases with the brand new .NET 6.0 release from Microsoft. What is tCell? Since the founding of tCell by Rapid7, our web application and API protection solution, we’ve prided ourselves on providing both breadth an...

AI score: 6.8
Exploits: 0

Rapid7 Blog
added 2021/06/28 1:0 p.m. | 104 views

Automated remediation level 3: Governance and hygiene

Mold it, make it, just don’t fake it At a quick glance, it seems like the title of this blog is “government hygiene.” Most likely, that wouldn’t be a particularly exciting read, but we’re hoping you might be engaged enough to gain a few takeaways from this fourth piece in our series on automating...

AI score: 0.1
Exploits: 0

Ivan 'd0znpp' Novikov
added 2021/06/18 2:11 p.m. | 164 views

What is DevSecOps❓ Defining, How it work, Advantages, Types

DevSecOps, an overall new term in the application security AppSec space, is associated with presenting security before in the thing improvement life cycle SDLC by fostering the nearby coordinated effort among movement and activities packs in the DevOps headway to join security bundles too. It...

AI score: 7.7
Exploits: 0

Rapid7 Blog
added 2021/05/07 6:5 p.m. | 36 views

The Evolution of DevOps in 2021

DevOps has long been a key tool in helping organizations reliably and rapidly deliver systems into production. While in the past, IT and software development teams suffered from lengthy processes and struggled to resolve incompatible priorities, now DevOps allows for easier collaboration, as well...

AI score: 7.1
Exploits: 0

Rapid7 Blog
added 2021/02/25 9:36 p.m. | 35 views

Building a Holistic VRM Strategy That Includes the Web Application Layer

Building security into your overall vulnerability risk management VRM strategy is a must-do in the age of the all-important web app. Between security and IT-Ops teams, there are a number of steps in the VRM process, including asset identification, enumeration, prioritization, and remediation. How...

Exploits: 0

Imperva Blog
added 2020/04/09 7:52 p.m. | 26 views

Imperva is a Leader in the Forrester Wave: Web Application Firewalls, Q1

Web application firewalls continue to be a core technology function for securing critical assets, and for IT professionals, market analyst reports and validation are critical when deciding upon new WAF solutions. That’s why we’re proud to share that Imperva Cloud WAF has recently been recognized ...

AI score: 0.5
Exploits: 0

ripstech
added 2019/12/10 7:0 a.m. | 15 views

How to Fine-Tune Static Code Analysis - Part 1

Before integrating SAST into your SDLC you want to make sure that your code analysis produces only relevant findings with the best performance possible. In the first part of this guide, we will cover the following 5 configuration options and best practices for fine-tuning: Set the Language Versio...

AI score: 7.1
Exploits: 0

GithubExploit
added 2019/10/14 9:44 a.m. | 89 views

Exploit for Improper Privilege Management in Cloudcti Hip_Integrator_Recognition_Configuration_Tool

Author: Arn Vollebregt Introduction Creativity is at the c...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00091
Exploits: 2

Kitploit
added 2015/08/05 1:30 p.m. | 23 views

Netsparker Cloud - Online Web Application Security Scanner

Netsparker Cloud is an online web application security scanner built around the advanced scanning technology of Netsparker Web Application Security Scanner; the only false positive free automated desktop based web vulnerability scanner. Benefit from the Cloud AFFORDABLE AND MAINTENANCE FREE WEB...

AI score: 7.6
Exploits: 0

ThreatPost
added 2014/09/18 2:24 p.m. | 13 views

OWASP Releases Latest App Sec Testing Guide

Advocates with the web application security consortium OWASP published the latest iteration of its Testing Guide this week. The guide, celebrating its 10th anniversary this year, is an informational manual designed to teach developers how to build and maintain secure applications in the face of...

AI score: 7.6
Exploits: 0 | References: 2

Packet Storm
added 2014/02/20 12:0 a.m. | 43 views

Cisco Systems Cross Site Scripting

Corporation c 2014 CISCO Systems Inc. Security Report Published Report: 19/02/2014 Credits: Advanced Information Security Corporation, USA Severity: High/Critical OWASP TOP 10 CVSS: 7.0...

Exploits: 0