About NT OBJECTives

Company History

The NTO team has substantial experience in the security community. NTO’s engineering team was part of the core development team that created Foundscan, the first next generation vulnerability scanner while at Foundstone. In the summer of 2002, a few of the core product team at Foundstone left to pursue common interests in developing the first enterprise solution truly capable of addressing the emerging application security threats.

The NTO Culture

Everyone on the NTO team is an industry expert, and is encouraged to innovate to solve the needs of this complex problem. Having a corporate culture that respects each team member enough to be given broad levels of autonomy, has allowed NTO’s technology to solve problems that were thought impossible. Every team member is regularly exposed to real customers, either as silent participant in sales and/or support calls, working directly with customers on bugs or features, or reviewing details of why potential opportunities were lost. This first hand exposure enables us to have a more informed and purpose driven team that is inspired and motivated to strive to solve these issues and improve our products.

The NTO Vision

NTO believes that Web Application Security represents the greatest security challenge facing the information technology industry today. Millions of custom Web Applications have been developed in the past two decades. No two are alike and the expectations for enhanced customer and partner interactions often introduce numerous vulnerabilities.

Manual penetration tests, the traditional means to identify Web Application vulnerabilities, are too expensive to be a solution for most applications. Even if every enterprise had the funds to review all of its applications as infrequently as once a year, there are not enough trained pen testers to do a tenth of the work.

The logical solution is an automated tool. Unfortunately, first generation vulnerability assessment tools were not truly automated. The complexities of modern Web sites, including JavaScript, forms processing, complex authentication and session management, resulted in these early scanners requiring significant user interaction to completely crawl an application. Many users, untrained in their use, did not crawl even a portion of their sites and overlooked significant security holes. Moreover, these scanners merely pointed out long lists of vulnerabilities and did not assist security teams in assigning and remediating these vulnerabilities.

The NTO Approach

NTO is dedicated to creating the most automated security tools to allow security teams to test their sites with minimal work and remediate them quickly and efficiently. It has assembled several of the top experts in application security product design, development and consulting. Its tools implement the best practices in Web Application penetration testing learned over hundreds of assignments.

The most efficient time to eliminate vulnerabilities is during the development process. NTO offers training and professional services to help clients implement best practices across their organizations so that application security is a fully integrated part of the application architecture.

Product Overview

NTOSpider is designed to be the most comprehensive, fully automated Web application scanner on the market. NTOSpider automates the process of authentication, session management, crawling and attacking. NTOSpider helps security teams as they communicate vulnerabilities to application development teams and work with them to ensure that they are remediated. NTOSpider categorizes vulnerabilities by their root cause, and provides useful and visual reporting to better facilitate remediation efforts.