• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Web Application VA
• Database VA
• Network & OS VA
• Compliance Scanning

Of further interest:

• Intro to NeXpose Web Application Scanning
• NeXpose Web Application Scanning Release
• White paper - NeXpose Vulnerability Management
• NeXpose Datasheet

Web Application Vulnerability Assessment

Download the Web 2.0 and Web Application White Paper

NeXpose helps you secure your Web applications before your systems are compromised. Just like your network devices, operating systems and other enterprise applications, your Web applications need continual scanning to ensure new exposures haven't been introduced through software upgrades.

NeXpose is the only web application vulnerability management system that:

• Provides browser-based scanning - Web and Web 2.0 applications take user interaction to a new level, opening up potential weaknesses that could affect the security of your entire networked environment. NeXpose scans the client-side components of the application to ensure your systems are secured.
• Scans Web 2.0 applications - NeXpose is the first vulnerability scanning solution that analyzes JavaScript, AJAX and Flash applications in testing, quality assurance, deployment and ongoing management.
• Secures the complete Web application - NeXpose identifies vulnerabilities throughout the entire application, scanning the browser and server-side components such as databases, shopping carts and other third party applications for exposures that other Web application scanners do not find.
• Detects more vulnerabiities than traditional Web scanners - NeXpose uses Web Application Pass-Through Scanning, its ability to understand how one vulnerability can lead to another, to detect and provide remediation guidance for vulnerabilities that lie deeply under the surface that other scanners miss.

A Playground for Malicious Attackers

With millions of people using the Internet to bank, pay bills, shop, communicate and perform research, companies can no longer secure their networks by locking down the perimeter from unauthorized users. The popularity of Web application has made them a choice target for hackers who attempt to corrupt data, crash hosts, gain access to the corporate network and steal valuable information. Because they exist as a conduit between external users and a company’s internal databases, web applications can be one of the biggest IT security risks. For web sites that take credit cards, the risk transcends the corporation to individuals who conduct e-commerce on the Internet. For these reasons, Web applications need to be audited on a regular basis and closely monitored for changes and improper usage.

As more and more organizations develop Web and Web 2.0 applications, vulnerabilities and exploits will increase exponentially. To mitigate the risk, many businesses turn to Web application scanners. However, Web application scanners are good tools for the developer, enabling them to find security risks in their code during development. However, once the application goes live, Web application scanners struggle to recognize and uncover vulnerabilities in new functionality such as JavaScript, AJAX and Flash.

NeXpose - Guidance to Make Your Web Applications Safe

Rapid7 developed Browser Emulation Scanning Technology (BEST) in response to the increased use of AJAX for dynamic Web programming, which makes Web sites and applications vulnerable to cross-site scripting (XSS), SQL injection and other risks. With BEST, NeXpose takes automatic Web spidering and analysis capabilities to the next level, and is the first to provide a vulnerability scanning solution that analyzes JavaScript, AJAX and Flash applications in testing, quality assurance, deployment and ongoing management. NeXpose provides optimal web application scanning completely integrated with network vulnerability management.

NeXpose offers the following benefits to organizations:

• Complete Vulnerability Management Solution - NeXpose is a complete scanning solution for deployed web applications, scanning the Web application, network and operating system, database and third party applications that are integral components of the total Web solution.
• Fast scanning for multiple Web applications - NeXpose web spidering and scanning capabilities simultaneously scans multiple web applications for vulnerabilities while completing more than 30,000 checks, saving time for the administrators.
• Web Application Pass-Through Scanning – Other scanners stop scanning any further when they find a vulnerability. NeXpose uses information about the vulnerability it finds to test for other exposures that could exist to scan for deeper vulnerabilities.

To find out what your applications may contain that could compromise your Web server, browse our online Vulnerability Database. Try NeXpose for yourself to see what it can find in your environment. Request your 20 day evaluation today.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact