SecurityWeek

NT OBJECTives Boosts Capabilities of Web Application Scanner

NT OBJECTives this week launched NTOSpider 6.0, the latest version of its web application scanner, which now enables security teams to scan for vulnerabilities in mobile, web services and CSRF protected sites that make use of modern application technologies.

According to the company, the new version can automatically crawl, interpret and scan applications that use modern web technologies such as JSON, REST, SOAP, HTML5 and AJAX.

“When you really test [modern applications] well and get into places where existing scanners can’t go, you find a lot of undiscovered vulnerabilities,” Dan Kuykendall, co-CEO and CTO of NT OBJECTives, said in a statement.

“The same old vulnerabilities like SQL Injection and OS Command Injection are now showing up in new places. Hackers are aware of the deficiencies in scanners and know that organizations simply don’t have the time, resources or expertise to manually test all their web applications,” said Kevin Mitnick, a famous former hacker now turned security consultant.

Currently, many web scanners can effectively scan HTML4 sites, but are challenged when it comes to translating and assessing modern web technologies, the company said.

“Such scanners can give security teams a false sense of security by appearing to scan these technologies, but in reality they cannot interpret them or automatically create attacks against them,” NT OBJECTives said in a statement. “As a result, enterprises are exposed with undiscovered risk, and security teams are left with very little time to properly find these hidden vulnerabilities.”

NT OBJECTives says its technology has the ability to understand these new formats, protocols and development technologies, translate them to a common schema, and launch simulated attacks that attempt to penetrate the back-end systems where vulnerabilities and threats exist.

According to the company, key benefits of NTO Spider 6.0 include:

● Mobile – NTOSpider can scan the backend services that power true device-installed mobile applications, including applications that use popular formats such as JSON, REST, and XML, as well as the ability to handle custom formats

● RIA – Dynamically crawls and imports recorded traffic from Rich Internet Applications including AJAX, JSON, REST, JQuery, GWT, and Flash Remoting (AMF), in order to automate attacking of these complex applications

● Web Services – NTO Spider 6.0 enables simulated attacks of web services by detecting the client traffic, to decode and attack popular formats including SOAP, REST, XML and JSON

● CSRF protected sites – Performs XSRF token detection to enable collection and use of valid tokens during each attack.

● Increased Automation – Execute repeatable, rapid and automated application security testing, helping to reduce risk more effectively.

NTOSpider 6.0 is available immediately.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
