ABOUT US

NT OBJECTives (NTO), based in Orange County, California, brings together an unprecedented collection of top experts in information security to develop and provide a comprehensive suite of industry-leading technology and services to solve the application security challenges of today.s global organizations. NTO has created industry-first, automated technology capable of performing comprehensive and accurate application security audits to protect proprietary information at the application layer. Its next-generation technology, coupled with a comprehensive service offering, including security training services and consulting, puts NTO in a unique position to provide complete application security solutions to today's businesses.

Company History

The NTO team has substantial experience in the security community. NTO's engineering team was part of the core development team that created Foundscan, the first next generation vulnerability scanner while at Foundstone.  In the summer of 2002, the core product team at Foundstone left to pursue common interests in developing the first enterprise solution truly capable of addressing the emerging application security threats. 

The NTO Vision

NTO believes that Web application security represents the greatest security challenge facing the information technology industry today. Millions of Web applications have been developed in the past two decades. No two are alike and as expectations for enhanced customer and partner interactions may introduce tens of thousands of vulnerabilities across most.

Manual penetration tests, the traditional means to identify Web application vulnerabilities, are too expensive to be a solution for most applications. Even if every enterprise had the funds to review all of its applications as infrequently as once a year, there are not enough trained pen testers to do a tenth of the work.

The logical solution is an automated tool. Unfortunately, first generation vulnerability assessment tools were not truly automated. The complexities of modern Web sites, including JavaScript, complex authentication and session management, resulted in these early scanners requiring significant user interaction to completely crawl a site. Many users, untrained in their use, did not crawl even a portion of their sites and overlooked significant security holes. Moreover, these scanners merely pointed out long lists of vulnerabilities and did not assist security teams in assigning and remediating these vulnerabilities.

The NTO Approach

NTO is dedicated to creating fully automated security tools that allow security teams to test their sites with minimumal work and remediate them quickly and efficiently. It has assembled several of the top experts in application security product design, development and consulting. Its tools implement the best practices in Web application penetration testing learned over hundreds of assignments.

The most efficient time to eliminate vulnerabilities is during the development process. NTO offers training and professional services to help clients implement best practices across their organizations so that application security is a fully integrated part of the application architecture.

Product Overview

NTO's NTOSpider is designed to be the most comprehensive, fully automated Web application scanner on the market. NTOSpider automates the process of authentication, session management, crawling and attacking. Its advanced custom error page checking also gives it the lowest false positive rate in the industry.

NTOSpider helps security teams as they communicate vulnerabilities to application development teams and work with them to ensure that they are remediated. NTOSpider categorizes vulnerabilities by their root cause, and provides useful and visual reporting to better facilitate remediation efforts.