Welcome!

Industrial IoT Authors: Elizabeth White, Liz McMillan, Kevin Jackson, Pat Romanski, Carmen Gonzalez

News Feed Item

Vulnerabilities In Mobile and Modern Web Applications Now Detectable with NTOSpider 6.0

Security Professionals Can Now Obtain Comprehensive, Automated Coverage of Mobile, AJAX, SOAP, JSON and Other Modern Application Technologies Previously Only Discoverable by Manual Testing

IRVINE, Calif., Feb. 13, 2013 /PRNewswire/ -- NT OBJECTives today introduces NTOSpider 6.0, the first web application scanner to allow security teams to automatically crawl, interpret and scan modern application technologies such as Mobile, JSON, REST, SOAP, HTML5 and AJAX.  Considered a giant leap forward in application security, the new dynamic application security testing (DAST) solution includes Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that were previously inaccessible to other scanners.

(Logo: http://photos.prnewswire.com/prnh/20121025/PH00003LOGO-b )

"We are seeing the proliferation of modern applications, and with that, an astounding number of vulnerabilities that simply couldn't be detected with any automated solution," says Dan Kuykendall, co-CEO and CTO of NT OBJECTives.  "When you really test them well and get into places where existing scanners can't go, you find a lot of undiscovered vulnerabilities. These new technologies are giving hackers easily exploitable vulnerabilities like SQL injection all over again."

By 2015, consumer purchases via mobile phone and tablets are estimated to reach $1.3 trillion - quadruple the amount today, forecasts Juniper Research.  Today, nearly 30 percent of all shopping sites are using JSON and another 15 percent of them are using AJAX. That number is expected to increase exponentially as more developers rely on a potpourri of application technologies to build rich and mobile web applications.  

"The same old vulnerabilities like SQL Injection and OS Command Injection are now showing up in new places. Hackers are aware of the deficiencies in scanners and know that organizations simply don't have the time, resources or expertise to manually test all their web applications," says Kevin Mitnick, public speaker, consultant, and author of the recently published, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker. "What NTO is doing is incredibly valuable and particularly leading edge in a market that has been lagging to keep up."

Today, many web scanners can effectively scan HTML4 sites, but are unable to translate and assess the modern technologies that have become increasingly prevalent and necessary to deliver the rich experience users demand. Such scanners can give security teams a false sense of security by appearing to scan these technologies, but in reality they cannot interpret them or automatically create attacks against them. As a result, enterprises are exposed with undiscovered risk, and security teams are left with very little time to properly find these hidden vulnerabilities. A scan's resulting vulnerability report may appear to give a clean bill of health, but it failed to test the entire application.

NTOSpider addresses this problem, through the use of a new, innovative patent-pending Universal Translator technology.  NTOSpider 6.0 has the ability to understand these new formats, protocols and development technologies, translate them to a common schema, and then launch simulated attacks that penetrate the back-end systems where vulnerabilities and threats exist.  

NTOSpider Key Benefits

About NTO Spider 6.0
Available today, NTOSpider 6.0 provides the most comprehensive, automated coverage of Mobile, AJAX, SOAP, JSON and other modern application technologies.  NTOSpider 6.0 provides security professionals with the following major benefits:

  • Broader coverage: NTO's new Universal Translator provides rapid, broad coverage of complex, modern applications with an automated tool requiring minimal per scan manpower.
    • Mobile - Moving beyond just scanning "mobile friendly web applications", NTOSpider can scan the backend services that power true mobile applications (those you install on your device). This includes mobile applications using popular formats including JSON, REST, and XML, as well as the ability to handle custom formats
    • RIA - Dynamically crawls and imports recorded traffic from Rich Internet Applications including AJAX, JSON, REST, JQuery, GWT, and Flash Remoting (AMF), in order to automate attacking of these complex applications
    • Web Services - It enables simulated attacks of web services by detecting the client traffic, to decode and attack popular formats including SOAP, REST, XML and JSON
  • CSRF protected sites: Performs XSRF token detection to enable collection and use of valid tokens during each attack.
  • Increased level of automation: Execute repeatable, rapid and comprehensive automated application security testing
  • Reduces risk: Systematically reduce risk more effectively than ever before by leveraging a more automated process
  • Frees pen testers: Free up expert pen testers to test the parts of the application that must be tested manually like business logic.

Additionally NTOSpider 6.0 also includes a new user interface, event-based training macros and improved reporting capabilities and automatic version updates.

For more information or to access a free trial visit www.ntobjectives.com/security-software/ntospider-trial-download-request/

Individuals interested in learning more about web application technologies are invited to access NTO's most recent whitepaper, The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor's New Clothes?, a research report that identifies nine common underlying web application technologies in mobile applications, Rich Internet Applications (RIA) and web services being overlooked by today's scanners with practical guidance on how to improve security efficiency and effectiveness with each.

About NT OBJECTives

NT OBJECTives (NTO) is a provider of most automated, comprehensive and accurate web application security software, services and SaaS. NTO has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NT OBJECTIVES is privately held with headquarters in Irvine, CA.  For more information visit www.ntobjectives.com or follow us on Twitter @ntobjectives or @dan_kuykendall.

SOURCE NT OBJECTives

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Onalytica. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
"IoT is going to be a huge industry with a lot of value for end users, for industries, for consumers, for manufacturers. How can we use cloud to effectively manage IoT applications," stated Ian Khan, Innovation & Marketing Manager at Solgeniakhela, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
We are always online. We access our data, our finances, work, and various services on the Internet. But we live in a congested world of information in which the roads were built two decades ago. The quest for better, faster Internet routing has been around for a decade, but nobody solved this problem. We’ve seen band-aid approaches like CDNs that attack a niche's slice of static content part of the Internet, but that’s it. It does not address the dynamic services-based Internet of today. It does...
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...