NT OBJECTives this week launched NTOSpider 6.0, the latest version of its web application scanner, which now enables security teams to scan for vulnerabilities in mobile applications, web services and CSRF-protected sites built on modern application technologies.
According to the company, the new version can automatically crawl, interpret and scan applications that use modern web technologies such as JSON, REST, SOAP, HTML5 and AJAX.
“When you really test [modern applications] well and get into places where existing scanners can’t go, you find a lot of undiscovered vulnerabilities,” Dan Kuykendall, co-CEO and CTO of NT OBJECTives, said in a statement.
“The same old vulnerabilities like SQL Injection and OS Command Injection are now showing up in new places. Hackers are aware of the deficiencies in scanners and know that organizations simply don’t have the time, resources or expertise to manually test all their web applications,” said Kevin Mitnick, a famous former hacker now turned security consultant.
Many current web scanners can effectively scan HTML4 sites but struggle to translate and assess these modern web technologies, the company said.
“Such scanners can give security teams a false sense of security by appearing to scan these technologies, but in reality they cannot interpret them or automatically create attacks against them,” NT OBJECTives, said in a statement. “As a result, enterprises are exposed with undiscovered risk, and security teams are left with very little time to properly find these hidden vulnerabilities.”
NT OBJECTives says its technology understands these new formats, protocols and development technologies, translates them to a common schema, and launches simulated attacks that attempt to penetrate the back-end systems where the vulnerabilities exist.
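The "common schema" idea above is what lets one set of injection payloads be fired at JSON, XML/SOAP and classic form bodies alike. The following is an added illustration written for this article, not NTOSpider's code: each body format is parsed into a flat list of injection points (a name, the original value, and a function that re-serialises the body with that slot replaced), and a scanner fans a single payload out across every point. The sample request bodies and the payloads are constructed for the example.

```python
import copy
import json
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, List, Tuple
from urllib.parse import parse_qsl, urlencode


@dataclass
class InjectionPoint:
    """One attackable slot in a request body, in a format-neutral form."""
    name: str                      # dotted/indexed path, e.g. user.name, ids[1], user@id
    value: str                     # original value found at that slot
    mutate: Callable[[str], str]   # re-serialises the whole body with this slot replaced


def _json_walk(node, path):
    # Depth-first walk yielding (path, scalar) for every leaf in the JSON document.
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _json_walk(v, path + (k,))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _json_walk(v, path + (i,))
    else:
        yield path, node


def _json_points(body: str) -> List[InjectionPoint]:
    root = json.loads(body)
    points = []
    for path, value in _json_walk(root, ()):
        def mutate(payload, path=path):
            if not path:                      # bare scalar body
                return json.dumps(payload)
            doc = copy.deepcopy(root)         # never mutate the template in place
            node = doc
            for key in path[:-1]:
                node = node[key]
            node[path[-1]] = payload
            return json.dumps(doc, separators=(",", ":"))
        name = "".join(f"[{p}]" if isinstance(p, int) else ("." if i else "") + p
                       for i, p in enumerate(path))
        points.append(InjectionPoint(name, str(value), mutate))
    return points


def _xml_points(body: str) -> List[InjectionPoint]:
    # Element text and attributes are both injection points; SOAP bodies are just XML here.
    root = ET.fromstring(body)
    points = []
    for idx, el in enumerate(root.iter()):
        slots = [(None, el.text)] if el.text and el.text.strip() else []
        slots += list(el.attrib.items())
        for attr, value in slots:
            def mutate(payload, idx=idx, attr=attr):
                doc = ET.fromstring(body)     # re-parse so each mutation starts clean
                target = list(doc.iter())[idx]
                if attr is None:
                    target.text = payload
                else:
                    target.set(attr, payload)
                return ET.tostring(doc, encoding="unicode")
            points.append(InjectionPoint(el.tag + (f"@{attr}" if attr else ""), value, mutate))
    return points


def _form_points(body: str) -> List[InjectionPoint]:
    pairs = parse_qsl(body, keep_blank_values=True)
    points = []
    for idx, (key, value) in enumerate(pairs):
        def mutate(payload, idx=idx):
            new = list(pairs)
            new[idx] = (new[idx][0], payload)
            return urlencode(new)             # payload is re-encoded for the wire
        points.append(InjectionPoint(key, value, mutate))
    return points


PARSERS = {
    "application/json": _json_points,
    "application/xml": _xml_points,
    "text/xml": _xml_points,
    "application/soap+xml": _xml_points,
    "application/x-www-form-urlencoded": _form_points,
}


def normalize(content_type: str, body: str) -> List[InjectionPoint]:
    """Translate a request body into the format-neutral list of injection points."""
    mime = content_type.split(";")[0].strip().lower()
    parser = PARSERS.get(mime)
    if parser is None:
        raise ValueError(f"unsupported content type: {content_type}")
    return parser(body)


def attack_requests(content_type: str, body: str, payload: str) -> List[Tuple[str, str]]:
    """One mutated body per injection point: how a scanner fans a single payload out."""
    return [(p.name, p.mutate(payload)) for p in normalize(content_type, body)]
```

The same `attack_requests` call works unchanged for a JSON REST body, a SOAP envelope or a form post, which is the practical meaning of "translate to a common schema" in the paragraph above. Real scanners also need to re-sign or re-sequence requests (session cookies, anti-replay nonces) around each mutation; that part is left out here.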
According to the company, key benefits of NTOSpider 6.0 include:
● Mobile: NTOSpider can scan the back-end services that power true device-installed mobile applications, including applications that use popular formats such as JSON, REST and XML, as well as custom formats.
● RIA: dynamically crawls and imports recorded traffic from Rich Internet Applications including AJAX, JSON, REST, jQuery, GWT and Flash Remoting (AMF), in order to automate attacks against these complex applications.
● Web services: enables simulated attacks on web services by detecting client traffic and decoding and attacking popular formats including SOAP, REST, XML and JSON.
● CSRF-protected sites: detects CSRF tokens so that valid tokens are collected and used during each attack.
● Increased automation: executes repeatable, rapid and automated application security testing, helping to reduce risk more effectively.
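The CSRF bullet is worth unpacking, because it is the mechanism behind the "false sense of security" the company describes. A site that validates a per-request anti-CSRF token rejects every request lacking a fresh token before any application code runs, so a scanner that does not collect tokens never reaches the injectable code and reports a clean result. The example below is an added illustration for this article, not NTOSpider's code: a constructed toy application with single-use tokens and a deliberately injectable sink, and three scanners that differ only in how they handle the token. The field name `csrf_token`, the payloads and the error strings are assumptions made for the example.

```python
import re
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Set

TOKEN_FIELD = "csrf_token"   # assumed field name; real apps vary and a scanner must discover it
PAYLOADS = ["hello", "' OR 1=1--", "1' UNION SELECT NULL--"]   # constructed sample payloads


@dataclass
class ToyApp:
    """Constructed stand-in for a CSRF-protected form handler with a SQL-injectable sink."""
    valid_tokens: Set[str] = field(default_factory=set)

    def get_form(self) -> str:
        # Every GET mints a fresh single-use token, as per-request token schemes do.
        token = secrets.token_hex(16)
        self.valid_tokens.add(token)
        return (
            '<form method="POST" action="/comment">'
            f'<input type="hidden" name="{TOKEN_FIELD}" value="{token}">'
            '<input name="text"><input type="submit"></form>'
        )

    def post_comment(self, params: dict):
        # The token check runs before any application logic, so a request
        # without a valid token never reaches the vulnerable code below.
        if params.get(TOKEN_FIELD) not in self.valid_tokens:
            return 403, "CSRF token missing or invalid"
        self.valid_tokens.discard(params[TOKEN_FIELD])   # single use
        text = params.get("text", "")
        if "'" in text:   # simulated unparameterised query choking on a quote
            return 500, f"SQL syntax error near '{text}'"
        return 200, "comment stored"


TOKEN_RE = re.compile(rf'name="{re.escape(TOKEN_FIELD)}"\s+value="([0-9a-f]+)"')


def extract_csrf_token(html: str) -> Optional[str]:
    """Pull the hidden token out of a fetched form (None if the page has none)."""
    m = TOKEN_RE.search(html)
    return m.group(1) if m else None


def _looks_injectable(status: int, body: str) -> bool:
    # Error-based detection: a database error surfacing in the response.
    return status == 500 and "SQL" in body


def scan_token_blind(app: ToyApp, payloads=PAYLOADS) -> List[str]:
    """Crawls the form but ignores the hidden field: every attack dies at the CSRF check."""
    app.get_form()
    return [p for p in payloads if _looks_injectable(*app.post_comment({"text": p}))]


def scan_token_once(app: ToyApp, payloads=PAYLOADS) -> List[str]:
    """Harvests one token at crawl time and replays it: only the first request gets through."""
    token = extract_csrf_token(app.get_form())
    return [p for p in payloads
            if _looks_injectable(*app.post_comment({TOKEN_FIELD: token, "text": p}))]


def scan_token_aware(app: ToyApp, payloads=PAYLOADS) -> List[str]:
    """Re-fetches the form and extracts a fresh token for each attack request."""
    findings = []
    for p in payloads:
        token = extract_csrf_token(app.get_form())
        status, body = app.post_comment({TOKEN_FIELD: token, "text": p})
        if _looks_injectable(status, body):
            findings.append(p)
    return findings


if __name__ == "__main__":
    for scan in (scan_token_blind, scan_token_once, scan_token_aware):
        print(f"{scan.__name__:18s} -> {scan(ToyApp())}")
```

Only the token-aware scanner finds the injection; the other two return empty results against the same vulnerable sink, and nothing in their output distinguishes "no vulnerability" from "never got past the CSRF check". When assessing a scanner's coverage of a token-protected site, check the HTTP status distribution of its attack requests: a wall of 403s means the findings list is meaningless.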
NTOSpider 6.0 is available immediately.