Welcome!

Cloud Expo Authors: Pat Romanski, Elizabeth White, Trevor Parsons, Lori MacVittie, Cynthia Dunlop

News Feed Item

Vulnerabilities In Mobile and Modern Web Applications Now Detectable with NTOSpider 6.0

Security Professionals Can Now Obtain Comprehensive, Automated Coverage of Mobile, AJAX, SOAP, JSON and Other Modern Application Technologies Previously Only Discoverable by Manual Testing

IRVINE, Calif., Feb. 13, 2013 /PRNewswire/ -- NT OBJECTives today introduces NTOSpider 6.0, the first web application scanner to allow security teams to automatically crawl, interpret and scan modern application technologies such as Mobile, JSON, REST, SOAP, HTML5 and AJAX.  Considered a giant leap forward in application security, the new dynamic application security testing (DAST) solution includes Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that were previously inaccessible to other scanners.

(Logo: http://photos.prnewswire.com/prnh/20121025/PH00003LOGO-b )

"We are seeing the proliferation of modern applications, and with that, an astounding number of vulnerabilities that simply couldn't be detected with any automated solution," says Dan Kuykendall, co-CEO and CTO of NT OBJECTives.  "When you really test them well and get into places where existing scanners can't go, you find a lot of undiscovered vulnerabilities. These new technologies are giving hackers easily exploitable vulnerabilities like SQL injection all over again."

By 2015, consumer purchases via mobile phone and tablets are estimated to reach $1.3 trillion - quadruple the amount today, forecasts Juniper Research.  Today, nearly 30 percent of all shopping sites are using JSON and another 15 percent of them are using AJAX. That number is expected to increase exponentially as more developers rely on a potpourri of application technologies to build rich and mobile web applications.  

"The same old vulnerabilities like SQL Injection and OS Command Injection are now showing up in new places. Hackers are aware of the deficiencies in scanners and know that organizations simply don't have the time, resources or expertise to manually test all their web applications," says Kevin Mitnick, public speaker, consultant, and author of the recently published, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker. "What NTO is doing is incredibly valuable and particularly leading edge in a market that has been lagging to keep up."

Today, many web scanners can effectively scan HTML4 sites, but are unable to translate and assess the modern technologies that have become increasingly prevalent and necessary to deliver the rich experience users demand. Such scanners can give security teams a false sense of security by appearing to scan these technologies, but in reality they cannot interpret them or automatically create attacks against them. As a result, enterprises are exposed with undiscovered risk, and security teams are left with very little time to properly find these hidden vulnerabilities. A scan's resulting vulnerability report may appear to give a clean bill of health, but it failed to test the entire application.

NTOSpider addresses this problem, through the use of a new, innovative patent-pending Universal Translator technology.  NTOSpider 6.0 has the ability to understand these new formats, protocols and development technologies, translate them to a common schema, and then launch simulated attacks that penetrate the back-end systems where vulnerabilities and threats exist.  

NTOSpider Key Benefits

About NTO Spider 6.0
Available today, NTOSpider 6.0 provides the most comprehensive, automated coverage of Mobile, AJAX, SOAP, JSON and other modern application technologies.  NTOSpider 6.0 provides security professionals with the following major benefits:

  • Broader coverage: NTO's new Universal Translator provides rapid, broad coverage of complex, modern applications with an automated tool requiring minimal per scan manpower.
    • Mobile - Moving beyond just scanning "mobile friendly web applications", NTOSpider can scan the backend services that power true mobile applications (those you install on your device). This includes mobile applications using popular formats including JSON, REST, and XML, as well as the ability to handle custom formats
    • RIA - Dynamically crawls and imports recorded traffic from Rich Internet Applications including AJAX, JSON, REST, JQuery, GWT, and Flash Remoting (AMF), in order to automate attacking of these complex applications
    • Web Services - It enables simulated attacks of web services by detecting the client traffic, to decode and attack popular formats including SOAP, REST, XML and JSON
  • CSRF protected sites: Performs XSRF token detection to enable collection and use of valid tokens during each attack.
  • Increased level of automation: Execute repeatable, rapid and comprehensive automated application security testing
  • Reduces risk: Systematically reduce risk more effectively than ever before by leveraging a more automated process
  • Frees pen testers: Free up expert pen testers to test the parts of the application that must be tested manually like business logic.

Additionally NTOSpider 6.0 also includes a new user interface, event-based training macros and improved reporting capabilities and automatic version updates.

For more information or to access a free trial visit www.ntobjectives.com/security-software/ntospider-trial-download-request/

Individuals interested in learning more about web application technologies are invited to access NTO's most recent whitepaper, The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor's New Clothes?, a research report that identifies nine common underlying web application technologies in mobile applications, Rich Internet Applications (RIA) and web services being overlooked by today's scanners with practical guidance on how to improve security efficiency and effectiveness with each.

About NT OBJECTives

NT OBJECTives (NTO) is a provider of most automated, comprehensive and accurate web application security software, services and SaaS. NTO has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NT OBJECTIVES is privately held with headquarters in Irvine, CA.  For more information visit www.ntobjectives.com or follow us on Twitter @ntobjectives or @dan_kuykendall.

SOURCE NT OBJECTives

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@CloudExpo Stories
SYS-CON Events announced today that TMCnet has been named “Media Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Technology Marketing Corporation (TMC) is the world's leading business to business and integrated marketing media company, servicing niche markets within the communications and technology industries.
As cloud gives an opportunity to businesses to buy services externally - how is cloud impacting your customers? In his General Session at 15th Cloud Expo, Fabio Gori, Director of Worldwide Cloud Marketing at Cisco, will provide answers to big questions: Do you see hybrid cloud as where the world is going? What benefits does it bring? And how does Cisco connect all of these clouds? He will also tell us everything about Intercloud and Cisco investment on it.
Can we look to the paradigm of cloud computing from a completely different perspective? In his General Session at 15th Cloud Expo, Gundars Kulups, Sales Director at DEAC, will discuss what we can learn from our dining habits when choosing a cloud solution. Gundars Kulups is Sales Director at DEAC, full service data center operator. An IT expert, he specializes in European countries and has worked in the IT industry since 1992. He graduated from Riga Technical University (RTU) in Latvia and com...
SYS-CON Events announced today that Parasoft will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. For 27 years, Parasoft has researched and developed software solutions that help organizations deliver defect-free software efficiently. By integrating Development Testing, API/cloud/SOA/composite app testing, and service virtualization, we reduce the time, effort, and cost of delivering secur...
The Internet of Things (IoT) promises to evolve the way the world does business; however, understanding how to apply it to your company can be a mystery. Most people struggle with understanding the potential business uses or tend to get caught up in the technology, resulting in solutions that fail to meet even minimum business goals. In his session at Internet of @ThingsExpo, Jesse Shiah, CEO / President / Co-Founder of AgilePoint Inc., will show what is needed to leverage the IoT to transform...
SYS-CON Events announced today that Utimaco will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Utimaco is a leading manufacturer of hardware based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets. Only Utimaco delivers a general-purpose hardware security module (HSM) as a customiz...
One of the biggest challenges when developing connected devices is identifying user value and delivering it through successful user experiences. In his session at Internet of @ThingsExpo, Mike Kuniavsky, Principal Scientist, Innovation Services at PARC, will describe an IoT-specific approach to user experience design that combines approaches from interaction design, industrial design and service design to create experiences that go beyond simple connected gadgets to create lasting, multi-devic...
Until recently, many organizations required specialized departments to perform mapping and geospatial analysis, and they used Esri on-premise solutions for that work. In his session at 15th Cloud Expo, Dave Peters, author of the Esri Press book Building a GIS, System Architecture Design Strategies for Managers, will discuss how Esri has successfully included the cloud as a fully integrated SaaS expansion of the ArcGIS mapping platform. Organizations that have incorporated Esri cloud-based appl...
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT tranformation? In his session at 15th Cloud Expo, John Hatem, head of V...
Dyn solutions are at the core of Internet Performance. Through traffic management, message management and performance assurance, Dyn is connecting people through the Internet and ensuring information gets where it needs to go, faster and more reliably than ever before. Founded in 2001 at WPI, Dyn’s global presence services more than four million enterprise, small business and personal customers.
IBM and Tencent Cloud signed a business cooperation memorandum to collaborate on providing public cloud with Software-as-a-Service solutions for industries. Both parties agreed to focus on emerging small and medium enterprises in the smarter cities and smarter healthcare industries as well as other fields. This will enable these industries to utilize mobile, cloud computing and big data tools to transform internal processes and operations, thus achieving cloud transformation in the era of mobili...
SimpleECM is the only platform to offer a powerful combination of enterprise content management (ECM) services, capture solutions, and third-party business services providing simplified integrations and workflow development for solution providers. SimpleECM is opening the market to businesses of all sizes by reinventing the delivery of ECM services. Our APIs make the development of ECM services simple with the use of familiar technologies for a frictionless integration directly into web applicat...
European data center operator DEAC is the largest in the Baltics. The activities are orientated to provide data center services and IT outsourcing on Eurasia and America scale in order to create the primary or backup or additional data center for customer in the EU, to protect its business and, most importantly, reduce costs up to 40% within 3-5 years. DEAC is an IT outsourcing services and solutions company whose highly experienced and qualified employees offer various groups of services and...
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo, moderated by Ashar Baig, Research ...
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at Internet of @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, will discuss how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money! Speaker Bio: ...
Samsung VP Jacopo Lenzi, who headed the company's recent SmartThings acquisition under the auspices of Samsung's Open Innovaction Center (OIC), answered a few questions we had about the deal. This interview was in conjunction with our interview with SmartThings CEO Alex Hawkinson. IoT Journal: SmartThings was developed in an open, standards-agnostic platform, and will now be part of Samsung's Open Innovation Center. Can you elaborate on your commitment to keep the platform open? Jacopo Lenzi: S...
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, will address the big issues involving these technologies and, more important, the results they will achieve. How important are public, private, and hybrid cloud to the enterprise? How does one define Big Data? And how is the IoT tying all this together?
When an enterprise builds a hybrid IaaS cloud connecting its data center to one or more public clouds, security is often a major topic along with the other challenges involved. Security is closely intertwined with the networking choices made for the hybrid cloud. Traditional networking approaches for building a hybrid cloud try to kludge together the enterprise infrastructure with the public cloud. Consequently this approach requires risky, deep "surgery" including changes to firewalls, subnets...
Ixia develops amazing products so its customers can connect the world. Ixia helps its customers provide an always-on user experience through fast, secure delivery of dynamic connected technologies and services. Through actionable insights that accelerate and secure application and service delivery, Ixia's customers benefit from faster time to market, optimized application performance and higher-quality deployments.
SYS-CON Events announced today that Stratogent will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Stratogent is a custom managed services organization based in San Mateo, California. We design, implement, and support mission critical infrastructure 24x7 on premises, in datacenters and in the Cloud. Since 2005, we have acted as an extension of internal IT teams, achieving a customer reten...