Welcome!

@CloudExpo Authors: Dana Gardner, Jeev Trika, Liz McMillan, Pat Romanski, Kevin Benedict

News Feed Item

Vulnerabilities In Mobile and Modern Web Applications Now Detectable with NTOSpider 6.0

Security Professionals Can Now Obtain Comprehensive, Automated Coverage of Mobile, AJAX, SOAP, JSON and Other Modern Application Technologies Previously Only Discoverable by Manual Testing

IRVINE, Calif., Feb. 13, 2013 /PRNewswire/ -- NT OBJECTives today introduces NTOSpider 6.0, the first web application scanner to allow security teams to automatically crawl, interpret and scan modern application technologies such as Mobile, JSON, REST, SOAP, HTML5 and AJAX.  Considered a giant leap forward in application security, the new dynamic application security testing (DAST) solution includes Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that were previously inaccessible to other scanners.

(Logo: http://photos.prnewswire.com/prnh/20121025/PH00003LOGO-b )

"We are seeing the proliferation of modern applications, and with that, an astounding number of vulnerabilities that simply couldn't be detected with any automated solution," says Dan Kuykendall, co-CEO and CTO of NT OBJECTives.  "When you really test them well and get into places where existing scanners can't go, you find a lot of undiscovered vulnerabilities. These new technologies are giving hackers easily exploitable vulnerabilities like SQL injection all over again."

By 2015, consumer purchases via mobile phone and tablets are estimated to reach $1.3 trillion - quadruple the amount today, forecasts Juniper Research.  Today, nearly 30 percent of all shopping sites are using JSON and another 15 percent of them are using AJAX. That number is expected to increase exponentially as more developers rely on a potpourri of application technologies to build rich and mobile web applications.  

"The same old vulnerabilities like SQL Injection and OS Command Injection are now showing up in new places. Hackers are aware of the deficiencies in scanners and know that organizations simply don't have the time, resources or expertise to manually test all their web applications," says Kevin Mitnick, public speaker, consultant, and author of the recently published, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker. "What NTO is doing is incredibly valuable and particularly leading edge in a market that has been lagging to keep up."

Today, many web scanners can effectively scan HTML4 sites, but are unable to translate and assess the modern technologies that have become increasingly prevalent and necessary to deliver the rich experience users demand. Such scanners can give security teams a false sense of security by appearing to scan these technologies, but in reality they cannot interpret them or automatically create attacks against them. As a result, enterprises are exposed with undiscovered risk, and security teams are left with very little time to properly find these hidden vulnerabilities. A scan's resulting vulnerability report may appear to give a clean bill of health, but it failed to test the entire application.

NTOSpider addresses this problem, through the use of a new, innovative patent-pending Universal Translator technology.  NTOSpider 6.0 has the ability to understand these new formats, protocols and development technologies, translate them to a common schema, and then launch simulated attacks that penetrate the back-end systems where vulnerabilities and threats exist.  

NTOSpider Key Benefits

About NTO Spider 6.0
Available today, NTOSpider 6.0 provides the most comprehensive, automated coverage of Mobile, AJAX, SOAP, JSON and other modern application technologies.  NTOSpider 6.0 provides security professionals with the following major benefits:

  • Broader coverage: NTO's new Universal Translator provides rapid, broad coverage of complex, modern applications with an automated tool requiring minimal per scan manpower.
    • Mobile - Moving beyond just scanning "mobile friendly web applications", NTOSpider can scan the backend services that power true mobile applications (those you install on your device). This includes mobile applications using popular formats including JSON, REST, and XML, as well as the ability to handle custom formats
    • RIA - Dynamically crawls and imports recorded traffic from Rich Internet Applications including AJAX, JSON, REST, JQuery, GWT, and Flash Remoting (AMF), in order to automate attacking of these complex applications
    • Web Services - It enables simulated attacks of web services by detecting the client traffic, to decode and attack popular formats including SOAP, REST, XML and JSON
  • CSRF protected sites: Performs XSRF token detection to enable collection and use of valid tokens during each attack.
  • Increased level of automation: Execute repeatable, rapid and comprehensive automated application security testing
  • Reduces risk: Systematically reduce risk more effectively than ever before by leveraging a more automated process
  • Frees pen testers: Free up expert pen testers to test the parts of the application that must be tested manually like business logic.

Additionally NTOSpider 6.0 also includes a new user interface, event-based training macros and improved reporting capabilities and automatic version updates.

For more information or to access a free trial visit www.ntobjectives.com/security-software/ntospider-trial-download-request/

Individuals interested in learning more about web application technologies are invited to access NTO's most recent whitepaper, The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor's New Clothes?, a research report that identifies nine common underlying web application technologies in mobile applications, Rich Internet Applications (RIA) and web services being overlooked by today's scanners with practical guidance on how to improve security efficiency and effectiveness with each.

About NT OBJECTives

NT OBJECTives (NTO) is a provider of most automated, comprehensive and accurate web application security software, services and SaaS. NTO has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NT OBJECTIVES is privately held with headquarters in Irvine, CA.  For more information visit www.ntobjectives.com or follow us on Twitter @ntobjectives or @dan_kuykendall.

SOURCE NT OBJECTives

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@CloudExpo Stories
The increasing popularity of the Internet of Things necessitates that our physical and cognitive relationship with wearable technology will change rapidly in the near future. This advent means logging has become a thing of the past. Before, it was on us to track our own data, but now that data is automatically available. What does this mean for mHealth and the "connected" body? In her session at @ThingsExpo, Lisa Calkins, CEO and co-founder of Amadeus Consulting, will discuss the impact of wea...
See storage differently! Storage performance problems have only gotten worse and harder to solve as applications have become largely virtualized and moved to a cloud-based infrastructure. Storage performance in a virtualized environment is not just about IOPS, it is about how well that potential performance is guaranteed to individual VMs for these apps as the number of VMs keep going up real time. In his session at 18th Cloud Expo, Dhiraj Sehgal, in product and marketing at Tintri, will discu...
Many private cloud projects were built to deliver self-service access to development and test resources. While those clouds delivered faster access to resources, they lacked visibility, control and security needed for production deployments. In their session at 18th Cloud Expo, Steve Anderson, Product Manager at BMC Software, and Rick Lefort, Principal Technical Marketing Consultant at BMC Software, will discuss how a cloud designed for production operations not only helps accelerate developer...
SYS-CON Events announced today that Enzu, a leading provider of cloud hosting solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to foc...
SYS-CON Events announced today that Ericsson has been named “Gold Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. Ericsson is a world leader in the rapidly changing environment of communications technology – providing equipment, software and services to enable transformation through mobility. Some 40 percent of global mobile traffic runs through networks we have supplied. More than 1 billion subscribers around the world re...
SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus inter...
The demand for organizations to expand their infrastructure to multiple IT environments like the cloud, on-premise, mobile, bring your own device (BYOD) and the Internet of Things (IoT) continues to grow. As this hybrid infrastructure increases, the challenge to monitor the security of these systems increases in volume and complexity. In his session at 18th Cloud Expo, Stephen Coty, Chief Security Evangelist at Alert Logic, will show how properly configured and managed security architecture can...
The IoTs will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm and share the must-have mindsets for removing complexity from the development proc...
Much of the value of DevOps comes from a (renewed) focus on measurement, sharing, and continuous feedback loops. In increasingly complex DevOps workflows and environments, and especially in larger, regulated, or more crystallized organizations, these core concepts become even more critical. In his session at @DevOpsSummit at 18th Cloud Expo, Andi Mann, Chief Technology Advocate at Splunk, will show how, by focusing on 'metrics that matter,' you can provide objective, transparent, and meaningfu...
Artificial Intelligence has the potential to massively disrupt IoT. In his session at 18th Cloud Expo, AJ Abdallat, CEO of Beyond AI, will discuss what the five main drivers are in Artificial Intelligence that could shape the future of the Internet of Things. AJ Abdallat is CEO of Beyond AI. He has over 20 years of management experience in the fields of artificial intelligence, sensors, instruments, devices and software for telecommunications, life sciences, environmental monitoring, process...
trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vice president of product management, IoT solutions at GlobalSign, will teach IoT developers how t...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
In the world of DevOps there are ‘known good practices’ – aka ‘patterns’ – and ‘known bad practices’ – aka ‘anti-patterns.' Many of these patterns and anti-patterns have been developed from real world experience, especially by the early adopters of DevOps theory; but many are more feasible in theory than in practice, especially for more recent entrants to the DevOps scene. In this power panel at @DevOpsSummit at 18th Cloud Expo, moderated by DevOps Conference Chair Andi Mann, panelists will dis...
There is an ever-growing explosion of new devices that are connected to the Internet using “cloud” solutions. This rapid growth is creating a massive new demand for efficient access to data. And it’s not just about connecting to that data anymore. This new demand is bringing new issues and challenges and it is important for companies to scale for the coming growth. And with that scaling comes the need for greater security, gathering and data analysis, storage, connectivity and, of course, the...
Increasing IoT connectivity is forcing enterprises to find elegant solutions to organize and visualize all incoming data from these connected devices with re-configurable dashboard widgets to effectively allow rapid decision-making for everything from immediate actions in tactical situations to strategic analysis and reporting. In his session at 18th Cloud Expo, Shikhir Singh, Senior Developer Relations Manager at Sencha, will discuss how to create HTML5 dashboards that interact with IoT devic...
Peak 10, Inc., has announced the implementation of IT service management, a business process alignment initiative based on the widely adopted Information Technology Infrastructure Library (ITIL) framework. The implementation of IT service management enhances Peak 10’s current service-minded approach to IT delivery by propelling the company to deliver higher levels of personalized and prompt service. The majority of Peak 10’s operations employees have been trained and certified in the ITIL frame...
So, you bought into the current machine learning craze and went on to collect millions/billions of records from this promising new data source. Now, what do you do with them? Too often, the abundance of data quickly turns into an abundance of problems. How do you extract that "magic essence" from your data without falling into the common pitfalls? In her session at @ThingsExpo, Natalia Ponomareva, Software Engineer at Google, will provide tips on how to be successful in large scale machine lear...
In his session at 18th Cloud Expo, Sagi Brody, Chief Technology Officer at Webair Internet Development Inc., will focus on real world deployments of DDoS mitigation strategies in every layer of the network. He will give an overview of methods to prevent these attacks and best practices on how to provide protection in complex cloud platforms. He will also outline what we have found in our experience managing and running thousands of Linux and Unix managed service platforms and what specifically c...
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
Redis is not only the fastest database, but it has become the most popular among the new wave of applications running in containers. Redis speeds up just about every data interaction between your users or operational systems. In his session at 18th Cloud Expo, Dave Nielsen, Developer Relations at Redis Labs, will shares the functions and data structures used to solve everyday use cases that are driving Redis' popularity.