Patents Assigned to Rapid7 LLC
  • Patent number: 10262142
    Abstract: The field of the invention relates to systems and methods for advanced dynamic analysis scanning for vulnerabilities using a universal translator. In an embodiment, the system includes a dynamic analysis scanner subsystem communicatively coupled to a networked computing system; the scanner subsystem is configured to crawl one or more dynamic web pages of the networked computing system, generate test data for the networked computing system, transmit the generated test data to the networked computing system, and record the networked computing system's response to the generated test data. The scanner may further comprise a universal translator configured to detect vulnerabilities and generate test data for the dynamic web pages of the networked computing system. The scanner subsystem may further comprise a smart scheduler.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: April 16, 2019
    Assignee: Rapid7 LLC
    Inventors: Dan Kuykendall, Matthew Cohen, Dmitriy Kashitsyn, Andrew Tisdale, Michael J. Morton, Artem Astrakhantsev
  • Patent number: 10043011
    Abstract: A solution recommendation (SR) tool can receive vulnerabilities identified by a vulnerability scanner and/or penetration testing tool. The SR tool can determine various approaches for remediating or mitigating the identified vulnerabilities, and can prioritize the various approaches based on the efficiency of the various approaches in remediating or mitigating the identified vulnerabilities. The SR tool can recommend one or more of the prioritized approaches based on constraints such as cost, effectiveness, complexity, and the like. Once the one or more of the prioritized approaches are selected, the SR tool can recommend the one or more prioritized approaches to third-party experts for evaluation.
    Type: Grant
    Filed: January 19, 2011
    Date of Patent: August 7, 2018
    Assignee: Rapid7, LLC
    Inventors: Derek M. Abdine, Anastasios Giakouminakis, Chad Loder, Richard D. Li
  • Patent number: 9411965
    Abstract: A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities based on base and optional CVSS vectors and additional factors that represent the evolving nature of vulnerabilities. Likewise, the security tool can determine an overall risk for vulnerabilities, an asset, and/or a collection of assets that encompasses a global view of an asset's risk and/or collection of assets' risk, business considerations of an entity that own and controls the asset and/or the collection of assets, and the entity's associations.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: August 9, 2016
    Assignee: Rapid7 LLC
    Inventors: Anastasios Giakouminakis, Sheldon E Malm, Chad Loder, Richard D Li
  • Patent number: 9317693
    Abstract: The field of the invention relates to systems and methods for advanced dynamic analysis scanning for vulnerabilities using a universal translator. In an embodiment, the system includes a dynamic analysis scanner subsystem communicatively coupled to a networked computing system; the scanner subsystem is configured to crawl one or more dynamic web pages of the networked computing system, generate test data for the networked computing system, transmit the generated test data to the networked computing system, and record the networked computing system's response to the generated test data. The scanner may further comprise a universal translator configured to detect vulnerabilities and generate test data for the dynamic web pages of the networked computing system. The scanner subsystem may further comprise a smart scheduler.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: April 19, 2016
    Assignee: RAPID7, LLC
    Inventors: Dan Kuykendall, Matthew Cohen, Dmitriy Kashitsyn, Andrew Tisdale, Michael J. Morton, Artem Astrakhantsev
  • Patent number: 9270694
    Abstract: A security assessment tool can determine computer assets in a network and provide an overall security score for the network. The overall security score can represent an objective measure of the security of the network that considers potential security threats to the computer assets, counter measures deployed in the network to address the potential security threats, and the effectiveness of the counter measures. Based on the overall security assessment, the security assessment tool can provide recommendations for improving the security of the network.
    Type: Grant
    Filed: May 21, 2013
    Date of Patent: February 23, 2016
    Assignee: RAPID7, LLC
    Inventors: Chad Loder, Dana Elizabeth Wolf, Matthew Robert Hathaway
  • Patent number: 9264444
    Abstract: A security assessment tool can determine computer assets in a network and provide an overall security score for the network. The overall security score can represent an objective measure of the security of the network that considers potential security threats to the computer assets, counter measures deployed in the network to address the potential security threats, and the effectiveness of the counter measures. Based on the overall security assessment, the security assessment tool can provide recommendations for improving the security of the network.
    Type: Grant
    Filed: May 21, 2013
    Date of Patent: February 16, 2016
    Assignee: RAPID7, LLC
    Inventors: HD Moore, Roy Donald Hodgman, Dana Elizabeth Wolf, Matthew Robert Hathaway
  • Patent number: 9251282
    Abstract: Systems and methods of determining compliance of content in a website or web application are disclosed. The systems and methods comprise a compliance tool to retrieve data associated with website or web application content. The compliance tool can scan the data to determine references to network locations. The compliance tool can compare the references to one or more approval rules to determine whether the references comply with the approval rules. A report can be compiled and outputted that indicates which references comply and which references do not comply with the approval rules. A user can have the option to add non-complying references to an approved list. The compliance tool can further remove non-complying references from the website or web application data and/or register non-complying references with a firewall.
    Type: Grant
    Filed: June 21, 2010
    Date of Patent: February 2, 2016
    Assignee: RAPID7 LLC
    Inventor: Chad Loder
  • Patent number: 9141805
    Abstract: A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities based on base and optional CVSS vectors and additional factors that represent the evolving nature of vulnerabilities. Likewise, the security tool can determine an overall risk for vulnerabilities, an asset, and/or a collection of assets that encompasses a global view of an asset's risk and/or collection of assets' risk, business considerations of an entity that own and controls the asset and/or the collection of assets, and the entity's associations.
    Type: Grant
    Filed: November 17, 2011
    Date of Patent: September 22, 2015
    Assignee: RAPID7 LLC
    Inventors: Anastasios Giakouminakis, Sheldon E. Malm, Chad Loder, Richard D. Li
  • Publication number: 20140351939
    Abstract: A security assessment tool can determine computer assets in a network and provide an overall security score for the network. The overall security score can represent an objective measure of the security of the network that considers potential security threats to the computer assets, counter measures deployed in the network to address the potential security threats, and the effectiveness of the counter measures. Based on the overall security assessment, the security assessment tool can provide recommendations for improving the security of the network.
    Type: Application
    Filed: May 21, 2013
    Publication date: November 27, 2014
    Applicant: Rapid7, LLC
    Inventors: HD Moore, Roy Donald Hodgman, Dana Elizabeth Wolf, Matthew Robert Hathaway
  • Publication number: 20140351940
    Abstract: A security assessment tool can determine computer assets in a network and provide an overall security score for the network. The overall security score can represent an objective measure of the security of the network that considers potential security threats to the computer assets, counter measures deployed in the network to address the potential security threats, and the effectiveness of the counter measures. Based on the overall security assessment, the security assessment tool can provide recommendations for improving the security of the network.
    Type: Application
    Filed: May 21, 2013
    Publication date: November 27, 2014
    Applicant: Rapid7, LLC
    Inventors: Chad Loder, Dana Elizabeth Wolf, Matthew Robert Hathaway
  • Patent number: 8875296
    Abstract: A security tool can utilize a vulnerability in a computing system or credentials for the computing system to gain access to the computing system. Once access is gained, the security tool can deliver an agent to the computing system. The agent can execute, detected or undetected, on the computing system in order to establish a network link between the computing system and the security tool. Once established, the security tool creates a virtual network interface on the computing system on which it is running and instructs the agent to relay network traffic between the virtual network interface of the computing system executing the security tool and the existing network interfaces of computing system executing the agent.
    Type: Grant
    Filed: March 13, 2012
    Date of Patent: October 28, 2014
    Assignee: Rapid7, LLC
    Inventor: H. D. Moore
  • Patent number: 8819832
    Abstract: Embodiments described herein relate to systems and methods for performing vulnerability scans on virtual machines. The systems and methods comprise a virtual asset tool that can instantiate a vulnerability scanner on a physical machine hosting a set of virtual machines. The vulnerability scanner can scan the virtual machines to identify any vulnerabilities, security flaws, or other risks, and can provide a result of the scan to the virtual asset tool. In embodiments, the virtual asset tool can examine the result of the scan to identify any vulnerabilities resulting from the scan.
    Type: Grant
    Filed: August 26, 2011
    Date of Patent: August 26, 2014
    Assignee: Rapid7, LLC
    Inventors: Richard D. Li, Jeffrey L. Berger, Anastasios Giakouminakis
  • Patent number: D631022
    Type: Grant
    Filed: July 17, 2009
    Date of Patent: January 18, 2011
    Assignee: Rapid7 LLC
    Inventor: Harold Jason Treulich