Publication
In today’s world of complex, modern web applications, accurate and automated Dynamic Application Security Testing (DAST) tools are rare, but do exist. What characteristics should you look for in a DAST tool to give you greater accuracy and ease of use?
Data Sheet
It’s time to break down silos and drive secure innovation, together. The practice of SecOps creates an alliance between Security, IT, and DevOps to make security an inherent outcome of all business innovation and operations. The Rapid7 Insight platform equips you with the visibility, analytics, and automation you need to unite your teams and amplify your efficiency.
Publication
In 2017, Rapid7 launched the “Under the Hoodie” project to demystify the practice of penetration testing by surveying those who are in the field conducting the investigations about what they most commonly see during client engagements. We have renewed this approach in 2018 to continue providing visibility into this often occult niche of information security.
Whitepaper
Security organizations must rethink their vulnerability management programs. They need to monitor complex, dynamic computing environments, and respond in minutes or hours when issues are discovered—not days or weeks.
Case Study
The articulated intent, to "lead an open and transparent process to identify and promote action by appropriate stakeholders to improve the resilience of the Internet and communications ecosystem and to encourage collaboration with the goal of dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets)" is timely and appropriate.
Data Sheet
Despite regulatory and administrative requirements, the public sector continues to be attacked and exploited by sophisticated threat actors. The fragmentation of security resources leaves federal, state and local agencies constantly fighting fires throughout the enterprise.
Data Sheet
CrowdStrike’s Falcon MalQuery is an advanced, cloud-based malware research tool that enables security professionals and researchers to quickly search a massive dataset of malware samples, validating potential risks and staying ahead of would-be attackers.
Data Sheet
The global CrowdStrike Falcon Intelligence™ team tracks adversaries of all types — nation-state, criminal, hacktivist — to provide the customized and actionable intelligence you need to stay ahead of disruptive threat actors targeting your organization.
Data Sheet
The CrowdStrike Falcon® platform was designed to be open, with a focus on providing rich APIs to allow customers and partners to benefit from its power. The Falcon platform APIs access CrowdStrike cloud data, enabling you to leverage your existing security investments and enhance your protection.
Whitepaper
The radical shift in the scale and economics of cybercrime calls for an equally radical change in how IT protects user systems. Whether it is from phishing attempts, drive-by downloads, or malware-free intrusion techniques, endpoints are usually at the spear tip of assaults on enterprise networks.
Whitepaper
One of the fastest-growing threats in cybersecurity today, ransomware is quickly becoming the favored means for cybercriminals to extract a profit from unsuspecting victims. As ransomware mushrooms with new malware variants and new ways of scamming victims, businesses can no longer afford to discount it as a consumer-only problem.
Other
The NIST Cybersecurity Framework offers federal agencies a flexible approach to securing today's multifaceted IT systems.
Webinar
More than 50% of all attacks now target the application layer, yet fewer than 10% of agencies test all of their business-critical applications. Application security is more important than ever, and will grow increasingly important as agencies search for new solutions to this mounting problem. Join Don MacLean, Chief Cyber Security Technologist at DLT Solutions, and Chris Rhondeau, Principal Solution Architect at Veracode, as they discuss how to build and test Application Security programs for government agencies in this quick on-demand webinar.
Data Sheet
Veracode’s cloud-based platform assesses applications for compliance with standard controls such as PCI, the OWASP Top 10 and the SANS Top 25. Policies can easily be customized to support specific corporate audit requirements as well as compliance requirements for SOX, HIPAA, NIST 800-53, MAS and other mandates.
Data Sheet
Veracode Web Application Scanning (WAS) offers a unified solution to discover, test and monitor all of your applications — not just the ones you know about. To manage the risk of applications in production, Veracode discovers and inventories your external web applications, then performs a lightweight, production-safe scan on thousands of sites in parallel to help you prioritize your biggest risks. For greater risk reduction, you can run authenticated deep scans on critical applications. In development, you can use Veracode WAS in staging or QA to detect vulnerabilities. In addition, Veracode offers multiple scanning technologies on a single platform, so you get unified results and analytics, plus increased accuracy.