COMPANY NEWSNTO SQL Invader Provides Pen Testers and Developers the Ability to Quickly and Easily Exploit and Demonstrate SQL Injection Vulnerabilities in Web Applications 
Study by Security Expert Larry Suto Determines Intrusion Prevention Systems Tuned with Dynamic Application Security Testing Products are also Effective Against Web Application Vulnerabilities San [...]
The best defense against web application threats is to tune Web Application Firewalls (WAFs) and incorporate Dynamic Application Security Testing (DAST) software, a study has found. When used [...]
The best defense against web application vulnerabilities and threats is to professionally train Web Application Firewalls (WAFs) and to incorporate Dynamic Application Security Testing (DAST) software [...]
The year ahead will feature new and increasingly sophisticated means to capture and exploit user data, as well as escalating battles over the control of online information that threatens to compromise [...]
According to a newly released security advisory report out of Georgia Tech, attacks against smartphone applications and browsers will continue to rise as the adoption of tablets and smartphones [...]
“Perfect-Fit” Custom Patching of Web App Vulnerabilities Via Existing IPS or WAFsWeb Application Firewalls and Intrusion Preventions Systems Now More Effective With NTODefend, Eliminates Need to [...]
NT OBJECTIVES' Dan Kuykendall quoted in Information Week article, see article below or visit Information Week to read it.Web App Attacks Rise, Disclosed Bugs Decline Mismatch between vulnerability [...]
As a company that appreciates grassroots efforts, we have chosen to be a sponsor for B-Sides this year. We will be hosting breakfast and lunch on Thursday and will also be raffling off some great prizes. We look forward to seeing you there. Check out Dan Kuykendall's track picks from his blog.
Today, IT Security Experts Ltd (ITSE) announced their partnership with NTObjectives "As a licenced Penetration Tester and Security Consultant, I have been looking for the best Web Application Testing [...]
As we continue to promote and grow the partnership with Sourcefire and Snort we have put together this Webinar. You can watch here to see how this works and what can be accomplished.
Through the integration of Core and NTO’s products, organizations can quickly scan complex websites and applications and validate vulnerabilities by easily replicating the steps attackers would take to exploit them. This powerful integration reduces the
Irvine, California - February 14, 2011 - On January 20, 2011, NT OBJECTives, Inc. initiated litigation against Cenzic, Inc. pursuant to Cenzic’s threatened litigation over alleged violations of Patent 7,185,232. The case is SACV 11-00116 JST (JCx) in The United States District Court in the Central District of California. NT OBJECTives sued for declaratory judgement of non-infringement, invalidity and unenforcability of the patent. About NT OBJECTives NT OBJECTives is an innovative provider of comprehensive application security solutions designed to help organizations discover threats, analyze risk and develop sound security strategies. Its unique technology provides automated and accurate application vulnerability assessment regardless of site complexity, while its world-renowned team of security professionals provides expert knowledge transfer and technical services to help businesses understand, build and achieve application security compliance. NT OBJECTives is located in Irvine, California.
Sourcefire Increases Protection for Web Applications with Integrated Vulnerability Assessment and Custom Rule Creation Company Partners with NT OBJECTives to Identify Web Application Vulnerabilities and Automatically Create Snort Rules for Faster and More
Last week, I was playing with NTOSpider, which came up with an interesting result. At the time, I hadn't heard about the type of issue, which was described as a "Double-float overflow".
We are proud to announce the release of our SaaS scanning and management offering, NTOSpider On-Demand.
We are proud to announce the release of our enterprise scanning and management solution, NTOEnterprise.
NTO is proud to release another major upgrade ahead of schedule, 5 month after the previous version. Here is a list of the major enhancements: Added additional Compliance reporting (SOX, HIPPA, DISA-STIG, GLBA, OWASP 2007 and OWASP 2010) PDF Versions of all Compliance reports and base Vulnerabilities report (no Validate or traffic view) Added Custom URL Parser (default support for Tomcat and jsessionid) Can now run as non-Administrator account. Installs into Program Files and stores data in My Documents folder structure Ability to mark issues as Ignore to prevent them from showing up in future scans Added better raw Request/Response viewing and highlighting Fixed 100 Continue support bugs Fixed Kerberos authentication support Improved proxy PAC file support Improvements in Validate applet for better expression and replay support as well as Traffic Compare/Diff viewing Improved FP avoidance and duplicate vuln consolidation for XSS, BSQL and Dir Browse caused by various server error handlers Full support for use of WinHTTP alternative socket handling which improves support on certain server platforms Improved Javascript engine for deeper recursion controls and analysis Improvements for input training, including random value mechanism and regex matching Added full support for gzip responses Performance improvements for GUI vulnerability editor
NTO is proud to release another major upgrade on schedule 6 month after the previous version. Here is a list of the major enhancements: Improved training interfaces Improved view of vulnerabilities in the desktop interface, along with ability to delete FP's and regenerate report Improved False Positive avoidance for each module, with special improvements in BlindSQL Additional attacks routines for newer attacks Improved DOM based XSS attacks Improved display of raw traffic from attacks, including highlighting of key pieces of data Improved Validate technology for multi-request attacks
HEILBRONN, 10 February 2010 - cirosec, the specialist in IT security area, organized in March 2010 again its Trendtage around innovative topics in the IT security area. The focus this time is on the security of browsers, web applications (NTO), databases
A new whitepaper by Larry Suto has been posted on the popular Ha.ckers.org blog. Larry has followed up his 2007 review with a new analysis of the web app scanners on the market. This latest whitepaper details his findings when he compared six web application security scanners (Including NTOSpider) against six vulnerable test sites. From the report: Of the vulnerabilities on the web apps he scanned, the scanners missed an average of 49% of them. "NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best 'Point and Shoot' rating of 55% and the rest averaged 39%." "As clearly the leader in terms of quality results, NTOSpider performed very well. The results make a great case for using NTOSpider as the first choice for automated scanning." Read the full whitepaper Update: Due to the number of counter-claims/accusations going around, we have posted our response. References on the web to this whitepaper: Ha.ckers.org Slashdot Darkreading An Information Security Place Podcast SemiAccurate (Part 1) / (Part 2) Infosec Island Alan Shimel's Blog Rootsecure Playnoevil Tactical Web App Security Security-dojo
NTO is proud to release another major upgrade in only 6 month after the previous version. Here is a list of the major enhancements: Improvements to User Interface Updated navigation for configuration screens Live view of the vulnerabilities details during a scan Ability to view raw traffic for issues during a scan New attack module: Arbitrary File Upload New attack module: Remote File Include Ability to view raw traffic for each vuln in the reporting Improved Validate applet Improved Proxy support New cookie management Tabs for showing multi-request attacks New debugging capabilities (detailed logging) CAC Card support Applet proxy (Burp) support Added CWEID, CAPEC, OWASP, and OVAL ids mappings to reporting Improved performance with XSS attacks
Dan Kuykendall, co-CEO of NT OBJECTives is joining the An Information Security Place Podcast as a regular host. The podcast id about general information securityand Dan will be the resident webappsec expert to comment on those topics. This will be in addition to the MightySeek Podcast that Dan currently hosts, and which is dedicated purely to Web Application Security
NTO is proud to release this major upgrade that was 18 months in the making. Here is a list of the major enhancements: PCI / HIPPA / SOX Analysis and Reporting Cookie Attacking HTTP Header attack Privilege Escalation Session logout detection and re-establishment Malicious Script Analysis / External iFrame Analysis Next generation FORM parameter analysis and attacking engine Report scalability improvements New memory management system for greater scalability Enhanced solution for attacking Login Pages without losing session Second Generation AJAX analysis Enhanced Reflection Analysis processing for partial reflections and multi reflection points Improvements in all core attacking modules (SQL, BSQL, XSS,CMDI) for reduced false positives, plus expanded number of attacks Crawler Enhancements - better analysis of image URLs with parameters Improved handling of .NET and _VIEWSTATE technologies Multiple Encoding support for all attack modules Ability to view raw traffic for all Vulnerability findings Web Application Firewall Integration (Imperva)
"Nebulas Solutions has signed three more vendors to its Technology Incubatorscheme" including "web applicationvulnerability assessment tools vendor NT Objectives" Read the full press release
NT OBJECTives and Casaba Security Partner on Integrated Threat Management SuiteNT OBJECTives, Inc., a leader in webapplication vulnerability scanning, announced today that it ispartnering with Casaba [...]
“Web 2.0 and SaaS are rapidly becoming the predominant delivery model for software,” said Kamal Arafeh, CEO, eEye Digital Security. “Traditional firewalls, SSL VPNs and other security products cannot fully protect against flaws in these web applications. eEye believes that the vulnerability landscape needs to change and evolve yet again to meet this new set of challenges. For the past ten years, eEye products have addressed operating system and application vulnerabilities and now with Retina Web Security Scanner, we are innovating further to address web application vulnerabilities and flaws.” Read the full press release
Larry Suto, an independent consultant for many large organizations, has published a whitepaper that compares NTOSpider, WebInspect and AppScan. This study focuses on each scanners ability to be used in "Point and Shoot" usage. The report demonstrates our ability to perform very well in this usage and additionally highlights the quality of our scan results and ability to avoid False Positives.
"We believe NT OBJECTives' technology will be a strong addition toVeracode’s on-demand platform based on its comprehensive coverage,accuracy and market leading automation" said Chris Wysopal, VeracodeCTO Read the full press release
Assessing Assessment: Top 10 Questions When Evaluating Application Vulnerability Scanners Read full article
Web Application Security: We Need to Increase Our Budget Read full article
Targeted Remediation of Vulnerablilities Read full article
Targets Shift for Application Security Attacks Read full article
Security Outsourcing Grabs Hold Read full article
Network World - NT OBJECTives tests your Web apps for vulnerabilities Read full article
Ken Pfeil says, "We're securing the application about 20% faster than we have in the past"
Hackers shift focus to swiping ID information Read full article
Website Attacks Skyrocket Read full article
Companies Experience Exponential Rise In Web Attacks: Survey Read full article
Comprehensive Technology and Knowledgeable Experts Help Organizations Discover Threats, Analyze Risk and Develop Sound Security Strategies Read full article
NT OBJECTives Offers Freeware to Strengthen Website Security Read full article
NT OBJECTives Offers Two Free Security Tools Read full article
Expanding Array of App Security Offerings Read full article
NT OBJECTives Launches Automated Application Security Solution Read full article
NTOSpider Automated Web Application Vulnerability Scanner Read full article
NTO Helps CapitalIQ with Time to Market Read full article
NT OBJECTives App Security Helps Capital IQ With Time To Market Read full article
NTO Launches Automated Application Security Solution Read full article
Next Wave: Security Hole Offers Way In Read full article
|
Sales