• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Management
• Customers
• Partners
• Press Room
• Events
• Contact
• Careers

PR Contact

Beth Bryant
BBWrites Strategic Communications
(508) 786-3013
Email Press Contact

• PDF format

Rapid7 Updates Industry Leading Network, Web and Web 2.0 Application Vulnerability Scanning Solution

Rapid7 is First to Deliver a Vulnerability Scanning Solution That Analyzes Web Application and Web 2.0 Vulnerabilities in JavaScript and AJAX

Boston - November 14, 2007, the leading provider of Unified Vulnerability Management (UVM) solutions for large enterprise deployments and small to medium businesses, today announces the availability of the latest version of Rapid7 NeXpose. NeXpose 4.6 enhances Rapid7's industry leading web application scanning and network vulnerability assessment solution and allows organization to scan entire networks and take full advantage of their Web applications.

Security experts agree as more and more organizations develop Web and Web 2.0 applications, vulnerabilities and exploits will increase exponentially. To mitigate the risk, many businesses turn to Web Application scanners. However, Web application scanners struggle to recognize and uncover vulnerabilities in new functionality such as JavaScript, AJAX, Flash Flex, ActionScript, ASP.NET 2.0 (Atlas) and .NET 3.0.

According to Gartner in Web 2.0 Needs Security by John Pescatore, "The dynamic and distributed nature of Web 2.0 applications means that some new approaches will be required to maintain the necessary level of business strength security. Vulnerability assessment techniques will need to be extended to deal with client-side executables and service-oriented architectures."

In 2006, Rapid7 developed Browser Emulation Scanning Technology (BEST) for scanning Web and Web 2.0 applications for vulnerabilities in JavaScript code. With BEST, Rapid7 takes NeXpose's robust, automatic Web spidering and analysis capabilities to the next level, and is the first to provide a vulnerability scanning solution that analyzes JavaScript, AJAX and Flash applications in testing, quality assurance, deployment and ongoing management.

Rapid7 developed BEST in response to the increased use of Asynchronous JavaScript and XML (AJAX) for dynamic Web programming, which makes Web sites and applications vulnerable to Document Object Model or DOM-based cross-site scripting (XSS) and other risks. DOM-based XSS allows an attacker to trick a Web application into emitting malicious JavaScript or HTML code that appears to come from the application when it runs in the browser of an unsuspecting user.

"With version 4.6, NeXpose allows organizations to leverage their investment in Web applications and secure their entire network," states Alan Matthews, president of Rapid7 LLC. "Web applications, including Web 2.0, consist of many moving parts such as databases, operating systems and third-party applications. At Rapid7, we understand that customers require a solution like NeXpose that provides optimal web scanning and is completely integrated with network vulnerability management".

NeXpose 4.6 includes the following new and enhanced features:

• Browser Emulation Scanning Technology (BEST) - Client-side scanning of Web applications for vulnerabilities in JavaScript, AJAX, Flash, Flex, ActionScript, ASP.NET 2.0 (Atlas) and .NET 3.0.
• Web Application Pass-Through Scanning – Unlike other scanners that stop when they find a vulnerability, NeXpose passes through the initial vulnerability to scan for deeper vulnerabilities.
• Web-Spidering Technology - NeXpose 4.6 increases scalability and performance.
• Batched Scanning – Reduces scan times and allows customers to target specific and mission critical addresses.
• Content Scanning – Customers can scan applications for specific content such as credit card and social security numbers.

First introduced in 2001, Rapid7’s NeXpose scans Web server applications, databases, operating systems, and network devices to locate threats, assess their risk to the environment, devise a remediation plan and implement the ticketing process. NeXpose incorporates an expert system to build a knowledge base of facts on the environment it is exploring and model potential targeted attacks to expose all existing threats. NeXpose provides reporting capabilities that ensure compliance with governmental regulations and corporate security configuration policies. NeXpose PCI Compliance services meet the security scanning requirements of the MasterCard Site Data Protection (SDP) Program.

About Rapid7

Rapid7 is the leading provider of Unified Vulnerability Management (UVM) Solutions. Rapid7’s NeXpose UVM provides network, database and Web application vulnerability management for enterprise deployments and small-to-medium businesses. Since its introduction, NeXpose has been sold to corporate enterprises, Global 2000 companies, and government entities, and serves the full range of vertical markets across the U.S. and abroad. In addition, Rapid7 provides compliance products and services for PCI, HIPAA and Sarbanes Oxley. Rapid7 is headquartered in Boston, MA, with an office in Los Angeles, California.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact