PRODUCT BRIEF
appspider
Empowering DevSecOps with Application
Assessment for the Modern World
Discover security holes in even the most complex applications.
• Know Your Weak Points
• Prioritize What Matters Most
• Improve Your Position

While today’s malicious attackers pursue a variety of goals, they share a preferred
channel of attack—the millions of custom web, mobile, and cloud applications
companies deploy to serve their customers. AppSpider dynamically assesses these
applications for vulnerabilities across all modern technologies, provides tools that
speed remediation, and monitors applications for changes. Keep your applications
safe and secure—now and moving forward.

KNOW YOUR WEAK POINTS
AppSpider automatically finds vulnerabilities across a wide range of applications—
from the relatively simple to the most complex—and it includes unique capabilities
and integrations that enable teams to automate more of the security testing
program across the entire software development lifecycle (SDLC), from creation
through production.
Coverage is the first step to scanner accuracy. Scanners were originally built with
a crawl and attack architecture, but crawling doesn’t work for web services and
other dynamic technologies. AppSpider can still crawl traditional name=value pair
formats like HTML, but it also has a Universal Translator that can interpret the new
technologies being used in today’s web and mobile applications (AJAX, GWT, REST,
JSON, etc.).
With AppSpider, you can:
• Close the coverage gap with our Universal Translator
• Intelligently simulate real world attacks
• Continuously monitor your applications
• Stay authenticated for deep assessment

READY TO GET STARTED WITH RAPID7 APPSEC SOLUTIONS?
Start your free 30-day trial today.

#1
Web application attacks are the most common
source of breaches.
-2018 Verizon Data Breach Investigations Report

PRIORITIZE WHAT MATTERS MOST
AppSpider includes interactive actionable reports that prioritize the highest risk and
streamline remediation efforts by enabling users to quickly get to and analyze the
data that matters most. With one click, you can drill deep into a vulnerability to get
more information and replay attacks in real-time.
Sifting through pages and pages of vulnerabilities in a PDF report takes too much
time. AppSpider provides interactive, actionable reports that behave like web pages
with intuitive organization and links for deeper analysis. Analysis doesn’t have to be
tedious: Findings are organized and consolidated by attack types (XSS, SQLi, etc.),
and with one click, you can drill deep into a vulnerability to get more information.
AppSpider’s sophisticated reports reduce remediation time and streamline
communication with developers.
With AppSpider, you can:
• Conduct deeper analysis with interactive reports
• Quickly replay web attacks
• Categorize applications for easy reporting

“AppSpider has good SDLC and enterprise integration capabilities for a DAST solution,
including plug-ins with bug-tracking tools, WAF and IPS products.”
- Gartner, 2018 Magic Quadrant for Application Security Testing

IMPROVE YOUR POSITION
In order to improve your overall security posture, you need a high-level view of your
application security program that enables you to see where things stand. AppSpider
enables centralized control, automation, and interoperability over all aspects of
your enterprise web application security program, including: continuous scanning
configuration, user permissions, scheduling, and monitoring. In addition, AppSpider
includes trends and analysis data to help collaborate with all stakeholders toward
improved security posture.
Time is critical when remediating vulnerabilities. Using innovative automated rule
generation, AppSpider’s defensive capabilities help security professionals patch
web application vulnerabilities almost immediately—in a matter of minutes, instead
of days or weeks. Without the need to build a custom rule for a web application
firewall (WAF) or intrusion prevention system (IPS), or the need to deliver a source
code patch, our software allows you the time to identify the root cause of the
problem and fix it in the code.
With AppSpider, you can:
• Manage and control application security programs
• Automate targeted virtual patching
• Meet compliance requirements
• Integrate into your DevSecOps workflow

MEET COMPLIANCE REQUIREMENTS
Keeping up with industry best practices and legal and regulatory compliance issues
is no easy task. AppSpider helps your team quickly see gaps in compliance and well
known best practices including: PCI, FISMA, SOX, HIPAA, GLBA, OWASP, and more.

MAXIMIZE YOUR TECH STACK
You move faster when security moves left in the SDLC.
Start by integrating AppSpider with the tools of your DevOps team.