COMPANY NEWS
A new whitepaper by Larry Suto has been posted on the popular Ha.ckers.org blog. Larry has followed up his 2007 review with a new analysis of the web app scanners on the market. This latest whitepaper details his findings when he compared six web application security scanners (including NTOSpider) against six vulnerable test sites.

From the report: Of the vulnerabilities on the web apps he scanned, the scanners missed an average of 49% of them.

"NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best 'Point and Shoot' rating of 55% and the rest averaged 39%."

"As clearly the leader in terms of quality results, NTOSpider performed very well. The results make a great case for using NTOSpider as the first choice for automated scanning."

Read the full whitepaper

Update: Due to the number of counter-claims/accusations going around, we have posted our response.

References on the web to this whitepaper: Ha.ckers.org, Slashdot, Darkreading, An Information Security Place Podcast, SemiAccurate (Part 1) / (Part 2), Infosec Island, Alan Shimel's Blog, Rootsecure, Playnoevil, Tactical Web App Security, Security-dojo
NTO is proud to release another major upgrade only 6 months after the previous version. Here is a list of the major enhancements:

- Improvements to User Interface
- Updated navigation for configuration screens
- Live view of the vulnerability details during a scan
- Ability to view raw traffic for issues during a scan
- New attack module: Arbitrary File Upload
- New attack module: Remote File Include
- Ability to view raw traffic for each vuln in the reporting
- Improved Validate applet
- Improved Proxy support
- New cookie management
- Tabs for showing multi-request attacks
- New debugging capabilities (detailed logging)
- CAC Card support
- Applet proxy (Burp) support
- Added CWEID, CAPEC, OWASP, and OVAL ID mappings to reporting
- Improved performance with XSS attacks
Dan Kuykendall, co-CEO of NT OBJECTives, is joining the An Information Security Place Podcast as a regular host. The podcast is about general information security, and Dan will be the resident webappsec expert to comment on those topics. This will be in addition to the MightySeek Podcast that Dan currently hosts, which is dedicated purely to Web Application Security.
NTO is proud to release this major upgrade that was 18 months in the making. Here is a list of the major enhancements:

- PCI / HIPAA / SOX Analysis and Reporting
- Cookie Attacking
- HTTP Header attack
- Privilege Escalation
- Session logout detection and re-establishment
- Malicious Script Analysis / External iFrame Analysis
- Next generation FORM parameter analysis and attacking engine
- Report scalability improvements
- New memory management system for greater scalability
- Enhanced solution for attacking Login Pages without losing session
- Second Generation AJAX analysis
- Enhanced Reflection Analysis processing for partial reflections and multi reflection points
- Improvements in all core attacking modules (SQL, BSQL, XSS, CMDI) for reduced false positives, plus expanded number of attacks
- Crawler Enhancements - better analysis of image URLs with parameters
- Improved handling of .NET and _VIEWSTATE technologies
- Multiple Encoding support for all attack modules
- Ability to view raw traffic for all Vulnerability findings
- Web Application Firewall Integration (Imperva)
"Nebulas Solutions has signed three more vendors to its Technology Incubator scheme" including "web application vulnerability assessment tools vendor NT Objectives" Read the full press release
“Web 2.0 and SaaS are rapidly becoming the predominant delivery model for software,” said Kamal Arafeh, CEO, eEye Digital Security. “Traditional firewalls, SSL VPNs and other security products cannot fully protect against flaws in these web applications. eEye believes that the vulnerability landscape needs to change and evolve yet again to meet this new set of challenges. For the past ten years, eEye products have addressed operating system and application vulnerabilities and now with Retina Web Security Scanner, we are innovating further to address web application vulnerabilities and flaws.” Read the full press release
Larry Suto, an independent consultant for many large organizations, has published a whitepaper that compares NTOSpider, WebInspect and AppScan. This study focuses on each scanner's ability to be used in a "Point and Shoot" fashion. The report demonstrates our ability to perform very well in this usage and additionally highlights the quality of our scan results and ability to avoid False Positives.
"We believe NT OBJECTives' technology will be a strong addition to Veracode’s on-demand platform based on its comprehensive coverage, accuracy and market leading automation" said Chris Wysopal, Veracode CTO. Read the full press release
Assessing Assessment: Top 10 Questions When Evaluating Application Vulnerability Scanners Read full article
Web Application Security: We Need to Increase Our Budget Read full article
Targeted Remediation of Vulnerabilities Read full article
Targets Shift for Application Security Attacks Read full article
Security Outsourcing Grabs Hold Read full article
Network World - NT OBJECTives tests your Web apps for vulnerabilities Read full article
Ken Pfeil says, "We're securing the application about 20% faster than we have in the past"
Hackers shift focus to swiping ID information Read full article
Website Attacks Skyrocket Read full article
Companies Experience Exponential Rise In Web Attacks: Survey Read full article
Comprehensive Technology and Knowledgeable Experts Help Organizations Discover Threats, Analyze Risk and Develop Sound Security Strategies Read full article
NT OBJECTives Offers Freeware to Strengthen Website Security Read full article
NT OBJECTives Offers Two Free Security Tools Read full article
Expanding Array of App Security Offerings Read full article
NT OBJECTives Launches Automated Application Security Solution Read full article
NTOSpider Automated Web Application Vulnerability Scanner Read full article
NTO Helps CapitalIQ with Time to Market Read full article
NT OBJECTives App Security Helps Capital IQ With Time To Market Read full article
NTO Launches Automated Application Security Solution Read full article
Next Wave: Security Hole Offers Way In Read full article





