NT OBJECTives Boosts Capabilities of Web Application Scanner

NT OBJECTives this week launched NTOSpider 6.0, the latest version of its web application scanner, which now enables security teams to scan for vulnerabilities in mobile applications, web services and CSRF-protected sites that make use of modern application technologies.

According to the company, the new version can automatically crawl, interpret and scan applications that use modern web technologies such as JSON, REST, SOAP, HTML5 and AJAX.

“When you really test [modern applications] well and get into places where existing scanners can’t go, you find a lot of undiscovered vulnerabilities,” Dan Kuykendall, co-CEO and CTO of NT OBJECTives, said in a statement.

“The same old vulnerabilities like SQL Injection and OS Command Injection are now showing up in new places. Hackers are aware of the deficiencies in scanners and know that organizations simply don’t have the time, resources or expertise to manually test all their web applications,” said Kevin Mitnick, a famous former hacker now turned security consultant.

Currently, many web scanners can effectively scan HTML4 sites, but struggle to translate and assess modern web technologies, the company said.

“Such scanners can give security teams a false sense of security by appearing to scan these technologies, but in reality they cannot interpret them or automatically create attacks against them,” NT OBJECTives said in a statement. “As a result, enterprises are exposed with undiscovered risk, and security teams are left with very little time to properly find these hidden vulnerabilities.”

NT OBJECTives says its technology has the ability to understand these new formats, protocols and development technologies, translate them to a common schema, and launch simulated attacks that attempt to penetrate the back-end systems where vulnerabilities and threats exist.

According to the company, key benefits of NTOSpider 6.0 include:

● Mobile – NTOSpider can scan the backend services that power true device-installed mobile applications, including applications that use popular formats such as JSON, REST, and XML, and can handle custom formats

● RIA – Dynamically crawls and imports recorded traffic from Rich Internet Applications including AJAX, JSON, REST, JQuery, GWT, and Flash Remoting (AMF), in order to automate attacking of these complex applications

● Web Services – NTOSpider 6.0 enables simulated attacks on web services by detecting the client traffic in order to decode and attack popular formats including SOAP, REST, XML and JSON

● CSRF-protected sites – Performs XSRF token detection to enable collection and use of valid tokens during each attack

● Increased Automation – Executes repeatable, rapid and automated application security testing, helping to reduce risk more effectively

NTOSpider 6.0 is available immediately.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
