Rapid 7 Whitepapers




Application Security Buyers Guide: 15 Requirements
By Rapid 7 | 1/3/2017

In today’s world, highly accurate automated web application scanning is a complex thing, but it does exist. What characteristics should you look for in a scanner to give you more coverage, greater accuracy and ease of use?



Vulnerability Management Buyer’s Guide
By Rapid 7 | 1/3/2017

Exploiting weaknesses in browsers, operating systems, and other third-party software to infect end user systems is a common initial step for security attacks and breaches. Finding and fixing these vulnerabilities before the attackers can take advantage of them is a proactive defensive measure that is an essential part of any security program.

Overview of VM Program: Prepare, Assess, Remediate, Track Progress



Building a World-Class Web Application Security Program: Microsoft Uses AppSpider
By Rapid 7 | 2/6/2016

When Microsoft undertook an extensive evaluation of Web Application Vulnerability scanning solutions on the market, the company’s Cloud and Enterprise Security Services team knew it would be no small task. Microsoft wanted to build a world class, scalable Web App Vulnerability scanning service that would serve all of their different service teams in building secure applications. Top on the list of technical aspects was whether the Web App Vuln Scanning solution could handle the general scale of a company as large as Microsoft.

Read this case study to learn what factors went into Microsoft’s key decision criteria in deciding on a web application program for its project.



The Attacker’s Dictionary
By Rapid 7 | 2/6/2016

This research report is the result of a year-long data collection program of opportunistic credential scanning data from Heisenberg, Rapid7’s public-facing network of low-interaction honeypots.

Instead of focusing on the type of passwords end users typically pick, this data shows what passwords opportunistic scanners are using in order to test and likely compromise Internet-connected point-of-sale systems, kiosks, and desktop PCs which offer Remote Desktop Protocol service for remote management.
