Welcome!

@CloudExpo Authors: Liz McMillan, Elizabeth White, Pat Romanski, Larry Alton, Patrick Hubbard

News Feed Item

Vulnerabilities In Mobile and Modern Web Applications Now Detectable with NTOSpider 6.0

Security Professionals Can Now Obtain Comprehensive, Automated Coverage of Mobile, AJAX, SOAP, JSON and Other Modern Application Technologies Previously Only Discoverable by Manual Testing

IRVINE, Calif., Feb. 13, 2013 /PRNewswire/ -- NT OBJECTives today introduces NTOSpider 6.0, the first web application scanner to allow security teams to automatically crawl, interpret and scan modern application technologies such as Mobile, JSON, REST, SOAP, HTML5 and AJAX.  Considered a giant leap forward in application security, the new dynamic application security testing (DAST) solution includes Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that were previously inaccessible to other scanners.

(Logo: http://photos.prnewswire.com/prnh/20121025/PH00003LOGO-b )

"We are seeing the proliferation of modern applications, and with that, an astounding number of vulnerabilities that simply couldn't be detected with any automated solution," says Dan Kuykendall, co-CEO and CTO of NT OBJECTives.  "When you really test them well and get into places where existing scanners can't go, you find a lot of undiscovered vulnerabilities. These new technologies are giving hackers easily exploitable vulnerabilities like SQL injection all over again."

By 2015, consumer purchases via mobile phone and tablets are estimated to reach $1.3 trillion - quadruple the amount today, forecasts Juniper Research.  Today, nearly 30 percent of all shopping sites are using JSON and another 15 percent of them are using AJAX. That number is expected to increase exponentially as more developers rely on a potpourri of application technologies to build rich and mobile web applications.  

"The same old vulnerabilities like SQL Injection and OS Command Injection are now showing up in new places. Hackers are aware of the deficiencies in scanners and know that organizations simply don't have the time, resources or expertise to manually test all their web applications," says Kevin Mitnick, public speaker, consultant, and author of the recently published, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker. "What NTO is doing is incredibly valuable and particularly leading edge in a market that has been lagging to keep up."

Today, many web scanners can effectively scan HTML4 sites, but are unable to translate and assess the modern technologies that have become increasingly prevalent and necessary to deliver the rich experience users demand. Such scanners can give security teams a false sense of security by appearing to scan these technologies, but in reality they cannot interpret them or automatically create attacks against them. As a result, enterprises are exposed with undiscovered risk, and security teams are left with very little time to properly find these hidden vulnerabilities. A scan's resulting vulnerability report may appear to give a clean bill of health, but it failed to test the entire application.

NTOSpider addresses this problem, through the use of a new, innovative patent-pending Universal Translator technology.  NTOSpider 6.0 has the ability to understand these new formats, protocols and development technologies, translate them to a common schema, and then launch simulated attacks that penetrate the back-end systems where vulnerabilities and threats exist.  

NTOSpider Key Benefits

About NTO Spider 6.0
Available today, NTOSpider 6.0 provides the most comprehensive, automated coverage of Mobile, AJAX, SOAP, JSON and other modern application technologies.  NTOSpider 6.0 provides security professionals with the following major benefits:

  • Broader coverage: NTO's new Universal Translator provides rapid, broad coverage of complex, modern applications with an automated tool requiring minimal per scan manpower.
    • Mobile - Moving beyond just scanning "mobile friendly web applications", NTOSpider can scan the backend services that power true mobile applications (those you install on your device). This includes mobile applications using popular formats including JSON, REST, and XML, as well as the ability to handle custom formats
    • RIA - Dynamically crawls and imports recorded traffic from Rich Internet Applications including AJAX, JSON, REST, JQuery, GWT, and Flash Remoting (AMF), in order to automate attacking of these complex applications
    • Web Services - It enables simulated attacks of web services by detecting the client traffic, to decode and attack popular formats including SOAP, REST, XML and JSON
  • CSRF protected sites: Performs XSRF token detection to enable collection and use of valid tokens during each attack.
  • Increased level of automation: Execute repeatable, rapid and comprehensive automated application security testing
  • Reduces risk: Systematically reduce risk more effectively than ever before by leveraging a more automated process
  • Frees pen testers: Free up expert pen testers to test the parts of the application that must be tested manually like business logic.

Additionally NTOSpider 6.0 also includes a new user interface, event-based training macros and improved reporting capabilities and automatic version updates.

For more information or to access a free trial visit www.ntobjectives.com/security-software/ntospider-trial-download-request/

Individuals interested in learning more about web application technologies are invited to access NTO's most recent whitepaper, The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor's New Clothes?, a research report that identifies nine common underlying web application technologies in mobile applications, Rich Internet Applications (RIA) and web services being overlooked by today's scanners with practical guidance on how to improve security efficiency and effectiveness with each.

About NT OBJECTives

NT OBJECTives (NTO) is a provider of most automated, comprehensive and accurate web application security software, services and SaaS. NTO has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NT OBJECTIVES is privately held with headquarters in Irvine, CA.  For more information visit www.ntobjectives.com or follow us on Twitter @ntobjectives or @dan_kuykendall.

SOURCE NT OBJECTives

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@CloudExpo Stories
SYS-CON Events announced today that Keisoku Research Consultant Co. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Keisoku Research Consultant, Co. offers research and consulting in a wide range of civil engineering-related fields from information construction to preservation of cultural properties. For more information, vi...
SYS-CON Events announced today that Interface Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Interface Corporation is a company developing, manufacturing and marketing high quality and wide variety of industrial computers and interface modules such as PCIs and PCI express. For more information, visit http://www.i...
SYS-CON Events announced today that Fusic will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Fusic Co. provides mocks as virtual IoT devices. You can customize mocks, and get any amount of data at any time in your test. For more information, visit https://fusic.co.jp/english/.
SYS-CON Events announced today that TMC has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo and Big Data at Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Global buyers rely on TMC’s content-driven marketplaces to make purchase decisions and navigate markets. Learn how we can help you reach your marketing goals.
SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.
Cloud-based disaster recovery is critical to any production environment and is a high priority for many enterprise organizations today. Nearly 40% of organizations have had to execute their BCDR plan due to a service disruption in the past two years. Zerto on IBM Cloud offer VMware and Microsoft customers simple, automated recovery of on-premise VMware and Microsoft workloads to IBM Cloud data centers.
Why Federal cloud? What is in Federal Clouds and integrations? This session will identify the process and the FedRAMP initiative. But is it sufficient? What is the remedy for keeping abreast of cutting-edge technology? In his session at 21st Cloud Expo, Rasananda Behera will examine the proposed solutions: Private or public or hybrid cloud Responsible governing bodies How can we accomplish?
SYS-CON Events announced today that Daiya Industry will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Daiya Industry specializes in orthotic support systems and assistive devices with pneumatic artificial muscles in order to contribute to an extended healthy life expectancy. For more information, please visit https://www.daiyak...
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
The last two years has seen discussions about cloud computing evolve from the public / private / hybrid split to the reality that most enterprises will be creating a complex, multi-cloud strategy. Companies are wary of committing all of their resources to a single cloud, and instead are choosing to spread the risk – and the benefits – of cloud computing across multiple providers and internal infrastructures, as they follow their business needs. Will this approach be successful? How large is the ...
In his session at @ThingsExpo, Greg Gorman is the Director, IoT Developer Ecosystem, Watson IoT, will provide a short tutorial on Node-RED, a Node.js-based programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes in the palette that can be deployed to its runtime in a single-click. There is a large library of contributed nodes that help so...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Many organizations adopt DevOps to reduce cycle times and deliver software faster; some take on DevOps to drive higher quality and better end-user experience; others look to DevOps for a clearer line-of-sight to customers to drive better business impacts. In truth, these three foundations go together. In this power panel at @DevOpsSummit 21st Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, industry experts will discuss how leading organizations build application success from all...
Most of the time there is a lot of work involved to move to the cloud, and most of that isn't really related to AWS or Azure or Google Cloud. Before we talk about public cloud vendors and DevOps tools, there are usually several technical and non-technical challenges that are connected to it and that every company needs to solve to move to the cloud. In his session at 21st Cloud Expo, Stefano Bellasio, CEO and founder of Cloud Academy Inc., will discuss what the tools, disciplines, and cultural...
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory?
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
SYS-CON Events announced today that App2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. App2Cloud is an online Platform, specializing in migrating legacy applications to any Cloud Providers (AWS, Azure, Google Cloud).
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, will introduce two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a mu...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...