• Call Center
  • 02-026-6664
ตะกร้า 0

Rapid7 Appspider

พร้อมส่ง
SKU
Rapid 7 Appspider
฿2,000,000.00

Keep Pace with the App Evolution

From SPAs to mobile apps, even today’s most modern apps are no match for AppSpider.

 

Work within the SDLC

Most application security vulnerabilities are actually defects in the design—naturally, finding them earlier in the software development lifecycle (SDLC) reduces risk and saves you time, money, and a whole mess of ibuprofen.

 

Set DevOps Up for Success

AppSpider’s reporting and DevOps integration help streamline remediation efforts by providing developers with the information they need—in a language they understand.

Control and Automate

With our web application security testing solution, you're always in control.

Rapid7 Appspider
Rapid7 Appspider Rapid7 Appspider Rapid7 Appspider

Pinpoint and Protect Security Gaps in Your Applications

With F5® BIG-IP® Application Security Manager™ (ASM) and Rapid7 AppSpider

Integration Benefits

Reduce risk and save time by:

  • Finding application security vulnerabilities in modern applications that include APIs and dynamic clients.
  • Enabling them to remediate security vulnerabilities quickly with a virtual patch while development works on a source code fix.
  • Providing the ability to test and validate virtual patches with AppSpider’s interactive attack replay feature.

Organizations today are challenged to not just measure their application security risk, but also fix the vulnerabilities that create that risk. Unfortunately, it’s not as simple as it sounds; many application vulnerabilities require code changes that can be costly and time consuming to implement, and entail constant back-and-forth between security and development teams to identify, validate, and fix. Sound painful? It often is.

That’s why F5 BIG-IP® Application Security Manager™ (ASM) integrates with Rapid7 AppSpider to reduce the amount of time you’re left exposed to attack while longer-term fixes are built and implemented.

How It Works

AppSpider’s Defend capability enables you to close security gaps in applications while the development team works to deliver a source code patch. AppSpider will generate Web Application Firewall (WAF) rules custom to the vulnerabilities that are identified. These virtual patches are tailored to specific vulnerabilities found in a target application so that the highest level of protection can be applied by the WAF. Through the integration with F5®’s BIG-IP® Application Security Manager™ (ASM), WAF rules generated by AppSpider can be immediately imported into F5 BIG-IP ASM for remediation that takes only minutes—not the days and weeks required by a source code patch. After the custom rule is enforced by an F5 BIG-IP ASM policy, AppSpider can also test the virtual patch and confirm the security gap is closed with its interactive attack replay feature.

F5 and AppSpider Integration

 

Figure 1: AppSpider and F5 BIG-IP Application Security Manager (ASM) integrate to reduce the time vulnerable applications are exposed to attack.

F5 BIG-IP and AppSpider Integration Diagram

Overview of the Integration Process

  • Step 1: Conduct a Dynamic Application Security Testing (DAST) scan on the target application with Rapid7 AppSpider.
  • Step 2: Review AppSpider scan results and confirm vulnerabilities. Validation is performed by reviewing recorded HTTP traffic and utilizing the interactive attack replay feature.
  • Step 3: From the AppSpider Defend screen, load the XML AppSpider scan results and select “F5” as the WAF Rule output type.
  • Step 4: In the F5 BIG-IP ASM configuration utility, import the WAF Rule generated by AppSpider into an Application Security policy, using the “Create a security policy using third party vulnerability assessment tool output” option.
  • Step 5: Set policy enforcement mode to “Transparent” if attacks on the vulnerabilities should only be logged. Select “Blocking” to block these attacks.
เขียนรีวิวสินค้าของคุณเอง
เฉพาะผู้ใช้ที่ลงทะเบียนแล้วสามารถแสดงความคิดเห็น กรุณา เข้าสู่ระบบ หรือ สร้างบัญชี