NT OBJECTives Web Application Security News http://www.ntobjectives.com/news/feed/ NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security Blog http://www.ntobjectives.com/news/feed/ http://www.ntobjectives.com/images/nto_rss.jpg 144 144 Fri, 10 Sep 2010 12:12:23 -0700 en Dan Kuykendall dan@kuykendall.org No no NT OBJECTives participates in four city seminar http://www.ntobjectives.com/news/NTOBJECTivesparticipatesinfourcityseminar Wed, 10 Mar 2010 00:00:00 -0800 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/NTOBJECTivesparticipatesinfourcityseminar
(original, in German, is here)

Security of browsers, web applications, databases and virtualized environments

cirosec-event series in March on current topics

HEILBRONN, 10 February 2010 - cirosec, the specialist in IT security area, organized in March 2010 again its Trendtage around innovative topics in the IT security area. The focus this time is on the security of browsers, web applications, databases and virtualized environments.

Stations of Hanover are Trendtage (15.03.10), Cologne (16.03.10), Stuttgart (17.03.10) and Munich (18.03.10). Participation is free.

Stefan Strobel, author and director of the cirosec GmbH, will address in his opening speech the security in virtualized environments, introduce and explain the key factors influencing the opportunities and threats. The virtualization of servers in the data center is almost always in full swing. Products from VMware, Citrix, Sun and others promise the green IT in addition to a simplification and cost savings. IT security can benefit from the introduction of such techniques, if improperly implemented can also take great harm.

Subsequently, three manufacturers will demonstrate their innovative products:

• Quaresso - Web Browser Security
On Q Quaresso Protect allows websites to secure the browser, the user
without the need to install this software. The product makes use of a agent
Technology to the user, so to speak "on the fly" is a short temporary browser. The browser activity, and the browser behavior can be secured and controlled. It not only protects users from malware as key loggers and trojans, but transferred session data is always encrypted, user operations controlled, and also protects [...]]]> Accuracy and Time Costs of Web Application Security Scanner Report http://www.ntobjectives.com/news/AccuracyandTimeCostsofWebApplicationSecurityScannerReport Wed, 03 Feb 2010 00:00:00 -0800 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/AccuracyandTimeCostsofWebApplicationSecurityScannerReport new whitepaper by Larry Suto has been posted on the popular Ha.ckers.org blog.  Larry has followed up his 2007 review with a new analysis of the web app scanners on the market. This latest whitepaper details his findings when he compared six web application security scanners (Including NTOSpider) against six vulnerable test sites.

From the report:
Of the vulnerabilities on the web apps he scanned, the scanners missed an average of 49% of them.

"NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best ’Point and Shoot’ rating of 55% and the rest averaged 39%."

"As clearly the leader in terms of quality results, NTOSpider performed very well. The results make a great case for using NTOSpider as the first choice for automated scanning."

Read the full whitepaper

 

Update: Due to the number of counter-claims/accusations going around, we have posted our response.

References on the web to this whitepaper:
  • Ha.ckers.org
  • NT Objectives Releases NTOSpider 5.0 http://www.ntobjectives.com/news/NTObjectivesReleasesNTOSpider5.0 Mon, 16 Nov 2009 00:00:00 -0800 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/NTObjectivesReleasesNTOSpider5.0 Here is a list of the major enhancements:
    • Improvements to User Interface
    • Updated navigation for configuration screens
    • Live view of the vulnerabilities details during a scan
    • Ability to view raw traffic for issues during a scan
    • New attack module: Arbitrary File Upload
    • New attack module: Remote File Include
    • Ability to view raw traffic for each vuln in the reporting
    • Improved Validate applet
    • Improved Proxy support
    • New cookie management
    • Tabs for showing multi-request attacks
    • New debugging capabilities (detailed logging)
    • CAC Card support
    • Applet proxy (Burp) support
    • Added CWEID, CAPEC, OWASP, and OVAL ids mappings to reporting
    • Improved performance with XSS attacks
       
    ]]>         NTO Grows Its Podcasting Efforts http://www.ntobjectives.com/news/NTOGrowsItsPodcastingEfforts Tue, 18 Aug 2009 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/NTOGrowsItsPodcastingEfforts An Information Security Place     Podcast as a regular host. The podcast id about general information securityand Dan will be the resident webappsec expert to comment on those topics.

    This will be in addition to the MightySeek Podcast that Dan currently hosts, and which is dedicated purely to Web Application Security


    ]]> NT Objectives Releases NTOSpider 4.0 http://www.ntobjectives.com/news/NTObjectivesReleasesNTOSpider4.0 Fri, 01 May 2009 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/NTObjectivesReleasesNTOSpider4.0 Here is a list of the major enhancements:

    • PCI / HIPPA / SOX Analysis and Reporting
    • Cookie Attacking
    • HTTP Header attack
    • Privilege Escalation
    • Session logout detection and re-establishment
    • Malicious Script Analysis / External iFrame Analysis
    • Next generation FORM parameter analysis and attacking engine
    • Report scalability improvements
    • New memory management system for greater scalability
    • Enhanced solution for attacking Login Pages without losing session
    • Second Generation AJAX analysis
    • Enhanced Reflection Analysis processing for partial reflections and multi reflection points
    • Improvements in all core attacking modules (SQL, BSQL, XSS,CMDI) for reduced false positives, plus expanded number of attacks
    • Crawler Enhancements - better analysis of image URLs with parameters
    • Improved handling of .NET and _VIEWSTATE technologies
    • Multiple Encoding support for all attack modules
    • Ability to view raw traffic for all Vulnerability findings
    • Web Application Firewall Integration (Imperva)
    ]]>         Nebulas Solutions selects NTO http://www.ntobjectives.com/news/NebulasSolutionsselectsNTO Thu, 05 Mar 2009 00:00:00 -0800 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/NebulasSolutionsselectsNTO

    "Nebulas Solutions has signed three more vendors to its Technology Incubatorscheme" including "web applicationvulnerability assessment tools vendor NT Objectives"

    Read the full press release


    ]]>         NT OBJECTives and Casaba Security Partner on Integrated Threat Management Suite http://www.ntobjectives.com/news/NTOBJECTivesandCasabaSecurityPartneronIntegratedThreatManagementSuite Wed, 02 Apr 2008 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/NTOBJECTivesandCasabaSecurityPartneronIntegratedThreatManagementSuite NT OBJECTives and Casaba Security Partner on Integrated Threat Management SuiteNT OBJECTives, Inc., a leader in webapplication vulnerability scanning, announced today that it ispartnering with Casaba Security, a trusted provider of security andsecurity process consulting services to Fortune 100 companies.

    FOR IMMEDIATE RELEASE

    PR Log (Press Release)Apr 02, 2008 – IRVINE, CA –NT OBJECTives, Inc., a leader in  webapplication vulnerability scanning, announced today that it ispartnering with Casaba Security, a trusted provider of security andsecurity process consulting services to Fortune 100 companies. NTOBJECTives web application vulnerability assessment tool, NTOSpider, isa best-in-class web scanning solution that rapidly and accurately scanslarge, complex web sites and web applications to tackle application-
    level vulnerabilities.

    The NTO/Casaba partnership addresses the need for enterprises toincorporate best of breed software and business processes to addressthe growing threat of web application security vulnerabilities.

    “Solving the growing threat of web application vulnerabilitiesrequires more than software,” said JD Glaser, CEO, NT OBJECTives, Inc. “Enterprises need to integrate assessment tools into their securityprocesses and spearhead remediation efforts.  For this reason, we arepartnering with Casaba Security, one of the premier security servicesfirms. They provide the experience and vision for companies that needhelp building a proper process that delivers measurable results.”

    NT OBJECTives, Inc. (www.NTOBJECTives.com) and Casaba Security [...]]]> NTO Partners with eEye Digital Security http://www.ntobjectives.com/news/NTOPartnerswitheEyeDigitalSecurity Thu, 13 Mar 2008 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/NTOPartnerswitheEyeDigitalSecurity
    “Web 2.0 and SaaS are rapidly becoming the predominant delivery model for software,” said Kamal Arafeh, CEO, eEye Digital Security. “Traditional firewalls, SSL VPNs and other security products cannot fully protect against flaws in these web applications. eEye believes that the vulnerability landscape needs to change and evolve yet again to meet this new set of challenges. For the past ten years, eEye products have addressed operating system and application vulnerabilities and now with Retina Web Security Scanner, we are innovating further to address web application vulnerabilities and flaws.”

    Read the full press release
    ]]>         Analyzing the Effectiveness and Coverage of Web Application Security Scanners http://www.ntobjectives.com/news/AnalyzingtheEffectivenessandCoverageofWebApplicationSecurityScanners Sun, 14 Oct 2007 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/AnalyzingtheEffectivenessandCoverageofWebApplicationSecurityScanners published a whitepaper that compares NTOSpider, WebInspect and AppScan. This study focuses on each scanners ability to be used in "Point and Shoot" usage. The report demonstrates our ability to perform very well in this usage and additionally highlights the quality of our scan results and ability to avoid False Positives.
    ]]>         NTO Partners with Veracode http://www.ntobjectives.com/news/RedHerring-NextWave-SecurityHoleOffersWayIn Wed, 08 Aug 2007 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/RedHerring-NextWave-SecurityHoleOffersWayIn
    "We believe NT OBJECTives’ technology will be a strong addition toVeracode’s on-demand platform based on its comprehensive coverage,accuracy and market leading automation" said Chris Wysopal, VeracodeCTO

    Read the full press release
    ]]>         Assessing Assessment: Top 10 Questions When Evaluating Application Vulnerability Scanners http://www.ntobjectives.com/news/AssessingAssessment-Top10QuestionsWhenEvaluatingApplicationVulnerabilityScanners Tue, 29 Nov 2005 00:00:00 -0800 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/AssessingAssessment-Top10QuestionsWhenEvaluatingApplicationVulnerabilityScanners
    Assessing Assessment: Top 10 Questions When Evaluating Application Vulnerability Scanners

    Read full article ]]>         ITSecuirty: Web Application Security: We Need to Increase Our Budget... http://www.ntobjectives.com/news/ITSecuirty-WebApplicationSecurity-WeNeedtoIncreaseOurBudget... Fri, 28 Oct 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/ITSecuirty-WebApplicationSecurity-WeNeedtoIncreaseOurBudget...
    Web Application Security: We Need to Increase Our Budget

    Read full article]]>         Sarbanes-Oxley Compliance Journal: Targeted Remediation of Vulnerablilities http://www.ntobjectives.com/news/Sarbanes-OxleyComplianceJournal-TargetedRemediationofVulnerablilities Tue, 11 Oct 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/Sarbanes-OxleyComplianceJournal-TargetedRemediationofVulnerablilities
    Targeted Remediation of Vulnerablilities

    Read full article]]>         Enterprise Systems: Targets Shift for Application Security Attacks http://www.ntobjectives.com/news/EnterpriseSystems-TargetsShiftforApplicationSecurityAttacks Tue, 13 Sep 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/EnterpriseSystems-TargetsShiftforApplicationSecurityAttacks
    Targets Shift for Application Security Attacks

    Read full article]]>         CIO Decisions: Security Outsourcing Grabs Hold http://www.ntobjectives.com/news/CIODecisions-SecurityOutsourcingGrabsHold Mon, 05 Sep 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/CIODecisions-SecurityOutsourcingGrabsHold
    Security Outsourcing Grabs Hold

    Read full article ]]>         Network World: NT OBJECTives tests your Web apps for vulnerabilities http://www.ntobjectives.com/news/NetworkWorld-NTOBJECTivestestsyourWebappsforvulnerabilities Mon, 15 Aug 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/NetworkWorld-NTOBJECTivestestsyourWebappsforvulnerabilities
    Network World - NT OBJECTives tests your Web apps for vulnerabilities

    Read full article]]>         InformationWeek: NTO Speeds Financial Product Delivery http://www.ntobjectives.com/news/InformationWeek-NTOSpeedsFinancialProductDelivery Thu, 11 Aug 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/InformationWeek-NTOSpeedsFinancialProductDelivery
    NTO Speeds Financial Product Delivery
    Ken Pfeil says, "We’re securing the application about 20% faster than we have in the past"]]>         USA Today: Hackers shift focus to swiping ID information http://www.ntobjectives.com/news/USAToday-HackersshiftfocustoswipingIDinformation Mon, 18 Jul 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/USAToday-HackersshiftfocustoswipingIDinformation
    Hackers shift focus to swiping ID information

    Read full article ]]>         SAP INFO: Website Attacks Skyrocket http://www.ntobjectives.com/news/SAPINFO-WebsiteAttacksSkyrocket Mon, 18 Jul 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/SAPINFO-WebsiteAttacksSkyrocket
    Website Attacks Skyrocket

    Read full article]]>         Information Week: Companies Experience Exponential Rise In Web Attacks: Survey http://www.ntobjectives.com/news/InformationWeek-CompaniesExperienceExponentialRiseInWebAttacks-Survey Fri, 15 Jul 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/InformationWeek-CompaniesExperienceExponentialRiseInWebAttacks-Survey
    Companies Experience Exponential Rise In Web Attacks: Survey

    Read full article ]]>         Comprehensive Technology and Knowledgeable Experts Help Organizations Discover Threats, Analyze Risk and Develop Sound Security Strategies http://www.ntobjectives.com/news/ComprehensiveTechnologyandKnowledgeableExpertsHelpOrganizationsDiscoverThreats,AnalyzeRiskandDevelopSoundSecurityStrategies Thu, 19 May 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/ComprehensiveTechnologyandKnowledgeableExpertsHelpOrganizationsDiscoverThreats,AnalyzeRiskandDevelopSoundSecurityStrategies
    Comprehensive Technology and Knowledgeable Experts Help Organizations Discover Threats, Analyze Risk and Develop Sound Security Strategies

    Read full article ]]>         ITsecurity: NT OBJECTives Offers Freeware to Strengthen Website Security http://www.ntobjectives.com/news/ITsecurity-NTOBJECTivesOffersFreewaretoStrengthenWebsiteSecurity Tue, 17 May 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/ITsecurity-NTOBJECTivesOffersFreewaretoStrengthenWebsiteSecurity
    NT OBJECTives Offers Freeware to Strengthen Website Security

    Read full article ]]>         Windows IT Pro: NT OBJECTives Offers Two Free Security Tools http://www.ntobjectives.com/news/WindowsITPro-NTOBJECTivesOffersTwoFreeSecurityTools Tue, 17 May 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/WindowsITPro-NTOBJECTivesOffersTwoFreeSecurityTools
    NT OBJECTives Offers Two Free Security Tools

    Read full article ]]>         SD Times: Expanding Array of App Security Offerings http://www.ntobjectives.com/news/SDTimes-ExpandingArrayofAppSecurityOfferings Sun, 01 May 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/SDTimes-ExpandingArrayofAppSecurityOfferings
    Expanding Array of App Security Offerings

    Read full article ]]>         Credit Union Tech-Talk: NT OBJECTives Launches Automated Application Security Solution http://www.ntobjectives.com/news/CreditUnionTech-Talk-NTOBJECTivesLaunchesAutomatedApplicationSecuritySolution Mon, 18 Apr 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/CreditUnionTech-Talk-NTOBJECTivesLaunchesAutomatedApplicationSecuritySolution
    NT OBJECTives Launches Automated Application Security Solution

    Read full article]]>         EnterpriseITPlanet: NTOSpider Automated Web Application Vulnerability Scanner http://www.ntobjectives.com/news/EnterpriseITPlanet-NTOSpiderAutomatedWebApplicationVulnerabilityScanner Thu, 14 Apr 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/EnterpriseITPlanet-NTOSpiderAutomatedWebApplicationVulnerabilityScanner
    NTOSpider Automated Web Application Vulnerability Scanner

    Read full article]]>         PCReview: NTO Helps CapitalIQ with Time to Market http://www.ntobjectives.com/news/PCReview-NTOHelpsCapitalIQwithTimetoMarket Tue, 12 Apr 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/PCReview-NTOHelpsCapitalIQwithTimetoMarket
    NTO Helps CapitalIQ with Time to Market

    Read full article
    ]]>         CompliancePipeline: NT OBJECTives App Security Helps Capital IQ With Time To Market http://www.ntobjectives.com/news/CompliancePipeline-NTOBJECTivesAppSecurityHelpsCapitalIQWithTimeToMarket Mon, 11 Apr 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/CompliancePipeline-NTOBJECTivesAppSecurityHelpsCapitalIQWithTimeToMarket
    NT OBJECTives App Security Helps Capital IQ With Time To Market

    Read full article
    ]]>         FreshNews: NTO Launches Automated Application Security Solution http://www.ntobjectives.com/news/FreshNews-NTOLaunchesAutomatedApplicationSecuritySolution Mon, 11 Apr 2005 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/FreshNews-NTOLaunchesAutomatedApplicationSecuritySolution
    NTO Launches Automated Application Security Solution

    Read full article
    ]]>         Red Herring: Next Wave - Security Hole Offers Way In http://www.ntobjectives.com/news/RedHerring-NextWave-SecurityHoleOffersWayIn Fri, 01 Oct 2004 00:00:00 -0700 web, application, security NT OBJECTives Web Application Security Scanning NT OBJECTives Web Application Security News NT OBJECTives NT OBJECTives http://www.ntobjectives.com/news/RedHerring-NextWave-SecurityHoleOffersWayIn
    Next Wave: Security Hole Offers Way In

    Read full article
    ]]>