
Rapid7 Introduces BEST for Detecting JavaScript Code Vulnerabilities in Web Applications

First Vulnerability Scanning Solution That Analyzes Code in Deployed Web Apps

Rapid7, provider of the award-winning NeXpose enterprise vulnerability management solution, has introduced Browser Emulation Scanning Technology (BEST) for scanning Web applications for vulnerabilities in JavaScript code. With BEST, Rapid7 takes NeXpose’s robust, automatic Web spidering and analysis capabilities to the next level, and is the first to provide a vulnerability scanning solution that analyzes JavaScript code in deployed, running Web applications.

Rapid7 developed BEST in response to the increased use of Asynchronous JavaScript and XML (AJAX) for dynamic Web programming, which exposes Web sites and applications to Document Object Model (DOM)-based cross-site scripting (XSS) and other risks. In DOM-based XSS, an attacker tricks a Web application into emitting malicious JavaScript or HTML that appears to come from the application itself when the page runs in the browser of an unsuspecting user.

NeXpose thinks like the browser and performs static analysis of the JavaScript code embedded in Web applications. As a result, NeXpose uncovers exposures not found by other vulnerability assessment solutions, which only scan for vulnerabilities at the server and application levels.
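To make concrete what static analysis of embedded JavaScript for DOM-based XSS means, here is an added example (not Rapid7's or NeXpose's code): a toy checker that follows assignments from URL-derived sources into HTML-interpreting sinks, flags a vulnerable greeting widget and passes its hardened form. The source and sink lists and both sample snippets are constructed for this illustration.

```javascript
// Added example, not Rapid7 or NeXpose code: a deliberately small static
// checker for DOM-based XSS in JavaScript source. It tracks variables that
// are assigned from attacker-controlled sources (URL fragment, query string,
// referrer) and reports any line where a source or tainted variable reaches
// an HTML-interpreting sink. Real scanners resolve control flow, aliasing and
// sanitizers; this one only follows straight-line assignments.

const SOURCES = ['location.hash', 'location.search', 'location.href',
                 'document.URL', 'document.referrer'];
const SINKS = ['.innerHTML', '.outerHTML', 'document.write(', 'eval(',
               '.insertAdjacentHTML('];

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

function findDomXss(src) {
  const tainted = new Set();   // variable names carrying source-derived data
  const findings = [];
  src.split('\n').forEach((raw, idx) => {
    const line = raw.trim();
    if (!line || line.startsWith('//')) return;
    const usesSource = SOURCES.some((s) => line.includes(s));
    const usesTainted = [...tainted].some((v) =>
      new RegExp('\\b' + escapeRe(v) + '\\b').test(line));
    const sink = SINKS.find((k) => line.includes(k));
    if (sink && (usesSource || usesTainted)) {
      findings.push({ line: idx + 1, sink: sink.replace(/[.(]/g, ''), code: line });
    }
    // Propagate taint through plain assignments: "var x = ...", "x = ...".
    const assign = line.match(/^(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)/);
    if (assign && (usesSource || usesTainted)) tainted.add(assign[1]);
  });
  return findings;
}

// Constructed sample: the same greeting widget written two ways.
const VULNERABLE = [
  "var name = decodeURIComponent(location.hash.slice(6));",
  "var box = document.getElementById('greeting');",
  "box.innerHTML = '<b>Hello ' + name + '</b>';",      // markup is interpreted
].join('\n');

const HARDENED = [
  "var name = decodeURIComponent(location.hash.slice(6));",
  "var box = document.getElementById('greeting');",
  "box.textContent = 'Hello ' + name;",                 // rendered as plain text
].join('\n');

console.log(findDomXss(VULNERABLE));   // one finding on line 3 (innerHTML)
console.log(findDomXss(HARDENED));     // []
```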

“With the explosion of AJAX for developing interactive Web applications, there is more complex, rich-client functionality via JavaScript, which creates further opportunities for exposures that can put organizations at risk,” said Alan Matthews, president of Rapid7 LLC. “Web 2.0 contains numerous threats, such as DOM-based cross-site scripting, race conditions, cross-site request forgery (XSRF) and data manipulation. NeXpose eliminates these threats by taking a multi-pronged approach that includes front- and back-end scanning of the Web server, Web applications and the embedded JavaScript code.”

“Because Web applications are frequently modified, they are more susceptible to vulnerabilities, particularly within their source code,” stated Neil MacDonald, VP and Distinguished Analyst, Gartner. “The increasing use of rich user interface designs in AJAX-based Web applications means that JavaScript source code scanning must become a standard part of Web application security scanning.”

Rapid7’s BEST is available in the current release of NeXpose, Version 4.1. Future NeXpose releases will extend BEST coverage to Adobe/Macromedia Flash and ActionScript.

More Stories By RIA News Desk

Ever since Google popularized a smarter, more responsive and interactive Web experience by using AJAX (Asynchronous JavaScript + XML) for its Google Maps & Gmail applications, SYS-CON's RIA News Desk has been covering every aspect of Rich Internet Applications and those creating and deploying them. If you have breaking RIA news, please send it to [email protected] to share your product and company news coverage with AJAXWorld readers.

