Rapid7 - insightAppSec

The Universal Translator understands the formats, protocols, and development technologies used in modern mobile and browser-based applications. Whether analyzing data from a traditional name::value pair crawl or traffic captured within a proxy capture for modern apps, the Universal Translator normalizes traffic and attacks your application to uncover vulnerabilities.

Our research and product teams keep up with the latest app security attacks and best practices, so you don’t have to. InsightAppSec goes beyond just the OWASP Top Ten to test for over 95 attack types and best practices; you can also create custom checks to address issues and risks custom to your environment.

Attack Replay allows your developers to confirm a vulnerability on their own without needing to run a scan. Sometimes providing a static report isn’t enough to prove a vulnerability exists—developers need an easy way to reproduce an issue. Enter Attack Replay. After developers have implemented a fix for the vulnerability, they can immediately test their work, thus helping them to quickly close out their tickets and simultaneously reduce application security risk.

Findings from InsightAppSec can be exported in both static and interactive HTML formats; the interactive report provides business and development stakeholders with a powerful and easy way to navigate and review scan results. Rich, technical details on vulnerabilities needing remediation and recorded traffic are available directly from the report, reducing the amount of back-and-forth between security and development teams during remediation efforts. Developers can also leverage Attack Replay to validate the listed vulnerabilities. Compliance-specific report templates provide immediate understanding of the compliance risk of your web applications.

Scan multiple targets at a time with InsightAppSec's cloud engines. Pre-production and internal web applications hosted on closed networks can also be scanned with an optional scan engine deployed on-premises. Download the engine installer directly from InsightAppSec, pair it with your account, and access all of your internal and external scan configurations and results from the cloud-based console.

Powerful scan scheduling and blackout periods ensure you are in complete control of when scans do or do not run. Scheduled scans also provide continuous visibility into the security risk of frequently updated applications. Blackout periods prevent scans from running when applications are in high demand, avoiding potential negative user impacts.