NT OBJECTives Boosts Capabilities of Web Application Scanner

NT OBJECTives this week launched NTOSpider 6.0, the latest version of its web application scanner, which now enables security teams to scan for vulnerabilities in mobile, web services and CSRF protected sites that make use of modern application technologies.

According to the company, the new version can automatically crawl, interpret and scan applications that use modern web technologies such as JSON, REST, SOAP, HTML5 and AJAX.

“When you really test [modern applications] well and get into places where existing scanners can’t go, you find a lot of undiscovered vulnerabilities,” Dan Kuykendall, co-CEO and CTO of NT OBJECTives, said in a statement.

“The same old vulnerabilities like SQL Injection and OS Command Injection are now showing up in new places. Hackers are aware of the deficiencies in scanners and know that organizations simply don’t have the time, resources or expertise to manually test all their web applications,” said Kevin Mitnick, a famous former hacker now turned security consultant.

Currently, many web scanners can effectively scan HTML4 sites, but are challenged when it comes to translating and assessing the modern web technologies, the company said.

“Such scanners can give security teams a false sense of security by appearing to scan these technologies, but in reality they cannot interpret them or automatically create attacks against them,” NT OBJECTives said in a statement. “As a result, enterprises are exposed with undiscovered risk, and security teams are left with very little time to properly find these hidden vulnerabilities.”

NT OBJECTives says its technology has the ability to understand these new formats, protocols and development technologies, translate them to a common schema, and launch simulated attacks that attempt to penetrate the back-end systems where vulnerabilities and threats exist.

According to the company, key benefits of NTOSpider 6.0 include:

● Mobile – NTOSpider can scan the backend services that power true device-installed mobile applications, including applications that use popular formats such as JSON, REST, and XML, as well as the ability to handle custom formats

● RIA – Dynamically crawls and imports recorded traffic from Rich Internet Applications including AJAX, JSON, REST, JQuery, GWT, and Flash Remoting (AMF), in order to automate attacking of these complex applications

● Web Services – NTOSpider 6.0 enables simulated attacks of web services by detecting the client traffic, to decode and attack popular formats including SOAP, REST, XML and JSON

● CSRF protected sites – Performs XSRF token detection to enable collection and use of valid tokens during each attack

● Increased Automation – Execute repeatable, rapid and automated application security testing, helping to reduce risk more effectively

NTOSpider 6.0 is available immediately.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
