COMPANY NEWS

  • NT OBJECTives Releases Free SQL Invader Tool - December 7th, 2011
    NTO SQL Invader Provides Pen Testers and Developers the Ability to Quickly and Easily Exploit and Demonstrate SQL Injection Vulnerabilities in Web Applications

  • Research Finds Web Application Firewalls Up to 39% More Effective When Trained and Layered with Dynamic Application Security Testing Products - November 16th, 2011
    Study by Security Expert Larry Suto Determines Intrusion Prevention Systems Tuned with Dynamic Application Security Testing Products are also Effective Against Web Application Vulnerabilities San [...]

  • Well-tuned WAFs with DAST products 39% more effective, study finds - November 16th, 2011
    The best defense against web application threats is to tune Web Application Firewalls (WAFs) and incorporate Dynamic Application Security Testing (DAST) software, a study has found. When used [...]

  • Effectiveness of web application firewalls - November 16th, 2011
    The best defense against web application vulnerabilities and threats is to professionally train Web Application Firewalls (WAFs) and to incorporate Dynamic Application Security Testing (DAST) software [...]

  • Georgia Tech Releases Cyber Threats Forecast for 2012 - November 8th, 2011
    The year ahead will feature new and increasingly sophisticated means to capture and exploit user data, as well as escalating battles over the control of online information that threatens to compromise [...]

  • Researchers Outline Hurdles for Mobile Security - October 19th, 2011
    According to a newly released security advisory report out of Georgia Tech, attacks against smartphone applications and browsers will continue to rise as the adoption of tablets and smartphones [...]

  • NT OBJECTives announces NTODefend - October 11th, 2011
    “Perfect-Fit” Custom Patching of Web App Vulnerabilities Via Existing IPS or WAFsWeb Application Firewalls and Intrusion Preventions Systems Now More Effective With NTODefend, Eliminates Need to [...]

  • Web App Attacks Rise, Disclosed Bugs Decline (Information Week) - September 22nd, 2011
    NT OBJECTIVES' Dan Kuykendall quoted in Information Week article, see article below or visit Information Week to read it.Web App Attacks Rise, Disclosed Bugs Decline Mismatch between vulnerability [...]

  • NT OBJECTives Hosts Breakfast and Lunch at B-Sides 2011 - August 3rd, 2011
    As a company that appreciates grassroots efforts, we have chosen to be a sponsor for B-Sides this year. We will be hosting breakfast and lunch on Thursday and will also be raffling off some great prizes. We look forward to seeing you there. Check out Dan Kuykendall's track picks from his blog.

  • NT OBJECTives partners with IT Security Experts Ltd (ITSE) - April 8th, 2011
    Today, IT Security Experts Ltd (ITSE) announced their partnership with NTObjectives "As a licenced Penetration Tester and Security Consultant, I have been looking for the best Web Application Testing [...]

  • Sourcefire with NTO Webinar - April 5th, 2011
    As we continue to promote and grow the partnership with Sourcefire and Snort we have put together this Webinar. You can watch here to see how this works and what can be accomplished.

  • Core Partners with NT Objectives to Deliver Integrated Security Test & Measurement and Web Application Scanning to Enterprises - March 10th, 2011
    Through the integration of Core and NTO’s products, organizations can quickly scan complex websites and applications and validate vulnerabilities by easily replicating the steps attackers would take to exploit them. This powerful integration reduces the

  • NT OBJECTives Enters Patent Litigation With Cenzic, Inc. - February 14th, 2011
    Irvine, California - February 14, 2011 - On January 20, 2011, NT OBJECTives, Inc. initiated litigation against Cenzic, Inc. pursuant to Cenzic’s threatened litigation over alleged violations of Patent 7,185,232.  The case is SACV 11-00116 JST (JCx) in The United States District Court in the Central District of California. NT OBJECTives sued for declaratory judgement of non-infringement, invalidity and unenforcability of the patent. About NT OBJECTives NT OBJECTives is an innovative provider of comprehensive application security solutions designed to help organizations discover threats, analyze risk and develop sound security strategies. Its unique technology provides automated and accurate application vulnerability assessment regardless of site complexity, while its world-renowned team of security professionals provides expert knowledge transfer and technical services to help businesses understand, build and achieve application security compliance. NT OBJECTives is located in Irvine, California.

  • Sourcefire partners with NTO to increase protection of Web Applications - January 26th, 2011
    Sourcefire Increases Protection for Web Applications with Integrated Vulnerability Assessment and Custom Rule Creation Company Partners with NT OBJECTives to Identify Web Application Vulnerabilities and Automatically Create Snort Rules for Faster and More

  • NTOSpider helps find issue with Drupal - December 13th, 2010
    Last week, I was playing with NTOSpider, which came up with an interesting result. At the time, I hadn't heard about the type of issue, which was described as a "Double-float overflow". I have to give most of the credit to NTOSpider as no othe

  • NT OBJECTives Launches NTOSpider On-Demand - December 1st, 2010
    We are proud to announce the release of our SaaS scanning and management offering, NTOSpider On-Demand.

  • NT OBJECTives Launches NTOEnterprise - November 15th, 2010
    We are proud to announce the release of our enterprise scanning and management solution, NTOEnterprise.

  • NT OBJECTives Releases NTOSpider 5.4 - November 13th, 2010
    NTO is proud to release another major upgrade ahead of schedule, 5 month after the previous version. Here is a list of the major enhancements: Added additional Compliance reporting (SOX, HIPPA, DISA-STIG, GLBA, OWASP 2007 and OWASP 2010) PDF Versions of all Compliance reports and base Vulnerabilities report (no Validate or traffic view) Added Custom URL Parser (default support for Tomcat and jsessionid) Can now run as non-Administrator account. Installs into Program Files and stores data in My Documents folder structure Ability to mark issues as Ignore to prevent them from showing up in future scans Added better raw Request/Response viewing and highlighting Fixed 100 Continue support bugs Fixed Kerberos authentication support Improved proxy PAC file support Improvements in Validate applet for better expression and replay support as well as Traffic Compare/Diff viewing Improved FP avoidance and duplicate vuln consolidation for XSS, BSQL and Dir Browse caused by various server error handlers Full support for use of WinHTTP alternative socket handling which improves support on certain server platforms Improved Javascript engine for deeper recursion controls and analysis Improvements for input training, including random value mechanism and regex matching Added full support for gzip responses Performance improvements for GUI vulnerability editor

  • NT Objectives Releases NTOSpider 5.2 - July 16th, 2010
    NTO is proud to release another major upgrade on schedule 6 month after the previous version. Here is a list of the major enhancements: Improved training interfaces Improved view of vulnerabilities in the desktop interface, along with ability to delete FP's and regenerate report Improved False Positive avoidance for each module, with special improvements in BlindSQL Additional attacks routines for newer attacks Improved DOM based XSS attacks Improved display of raw traffic from attacks, including highlighting of key pieces of data Improved Validate technology for multi-request attacks

  • NT OBJECTives participates in four city seminar - March 10th, 2010
    HEILBRONN, 10 February 2010 - cirosec, the specialist in IT security area, organized in March 2010 again its Trendtage around innovative topics in the IT security area. The focus this time is on the security of browsers, web applications (NTO), databases

  • Accuracy and Time Costs of Web Application Security Scanner Report - February 3rd, 2010
    A new whitepaper by Larry Suto has been posted on the popular Ha.ckers.org blog.  Larry has followed up his 2007 review with a new analysis of the web app scanners on the market. This latest whitepaper details his findings when he compared six web application security scanners (Including NTOSpider) against six vulnerable test sites. From the report: Of the vulnerabilities on the web apps he scanned, the scanners missed an average of 49% of them. "NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating, with Hailstorm having the second best rating of 62%, but only after extensive training by an expert. Appscan had the second best 'Point and Shoot' rating of 55% and the rest averaged 39%." "As clearly the leader in terms of quality results, NTOSpider performed very well. The results make a great case for using NTOSpider as the first choice for automated scanning." Read the full whitepaper   Update: Due to the number of counter-claims/accusations going around, we have posted our response. References on the web to this whitepaper: Ha.ckers.org Slashdot Darkreading An Information Security Place Podcast SemiAccurate (Part 1) / (Part 2) Infosec Island Alan Shimel's Blog Rootsecure Playnoevil Tactical Web App Security Security-dojo

  • NT Objectives Releases NTOSpider 5.0 - November 16th, 2009
    NTO is proud to release another major upgrade in only 6 month after the previous version. Here is a list of the major enhancements: Improvements to User Interface Updated navigation for configuration screens Live view of the vulnerabilities details during a scan Ability to view raw traffic for issues during a scan New attack module: Arbitrary File Upload New attack module: Remote File Include Ability to view raw traffic for each vuln in the reporting Improved Validate applet Improved Proxy support New cookie management Tabs for showing multi-request attacks New debugging capabilities (detailed logging) CAC Card support Applet proxy (Burp) support Added CWEID, CAPEC, OWASP, and OVAL ids mappings to reporting Improved performance with XSS attacks  

  • NTO Grows Its Podcasting Efforts - August 18th, 2009
    Dan Kuykendall, co-CEO of NT OBJECTives is joining the An Information Security Place Podcast as a regular host. The podcast id about general information securityand Dan will be the resident webappsec expert to comment on those topics. This will be in addition to the MightySeek Podcast that Dan currently hosts, and which is dedicated purely to Web Application Security

  • NT Objectives Releases NTOSpider 4.0 - May 1st, 2009
    NTO is proud to release this major upgrade that was 18 months in the making. Here is a list of the major enhancements: PCI / HIPPA / SOX Analysis and Reporting Cookie Attacking HTTP Header attack Privilege Escalation Session logout detection and re-establishment Malicious Script Analysis / External iFrame Analysis Next generation FORM parameter analysis and attacking engine Report scalability improvements New memory management system for greater scalability Enhanced solution for attacking Login Pages without losing session Second Generation AJAX analysis Enhanced Reflection Analysis processing for partial reflections and multi reflection points Improvements in all core attacking modules (SQL, BSQL, XSS,CMDI) for reduced false positives, plus expanded number of attacks Crawler Enhancements - better analysis of image URLs with parameters Improved handling of .NET and _VIEWSTATE technologies Multiple Encoding support for all attack modules Ability to view raw traffic for all Vulnerability findings Web Application Firewall Integration (Imperva)

  • Nebulas Solutions selects NTO - March 5th, 2009
    "Nebulas Solutions has signed three more vendors to its Technology Incubatorscheme" including "web applicationvulnerability assessment tools vendor NT Objectives" Read the full press release

  • NT OBJECTives and Casaba Security Partner on Integrated Threat Management Suite - April 2nd, 2008
    NT OBJECTives and Casaba Security Partner on Integrated Threat Management SuiteNT OBJECTives, Inc., a leader in webapplication vulnerability scanning, announced today that it ispartnering with Casaba [...]

  • NTO Partners with eEye Digital Security - March 13th, 2008
    “Web 2.0 and SaaS are rapidly becoming the predominant delivery model for software,” said Kamal Arafeh, CEO, eEye Digital Security. “Traditional firewalls, SSL VPNs and other security products cannot fully protect against flaws in these web applications. eEye believes that the vulnerability landscape needs to change and evolve yet again to meet this new set of challenges. For the past ten years, eEye products have addressed operating system and application vulnerabilities and now with Retina Web Security Scanner, we are innovating further to address web application vulnerabilities and flaws.” Read the full press release

  • Analyzing the Effectiveness and Coverage of Web Application Security Scanners - October 14th, 2007
    Larry Suto, an independent consultant for many large organizations, has published a whitepaper that compares NTOSpider, WebInspect and AppScan. This study focuses on each scanners ability to be used in "Point and Shoot" usage. The report demonstrates our ability to perform very well in this usage and additionally highlights the quality of our scan results and ability to avoid False Positives.

  • NTO Partners with Veracode - August 8th, 2007
    "We believe NT OBJECTives' technology will be a strong addition toVeracode’s on-demand platform based on its comprehensive coverage,accuracy and market leading automation" said Chris Wysopal, VeracodeCTO Read the full press release

  • Assessing Assessment: Top 10 Questions When Evaluating Application Vulnerability Scanners - November 29th, 2005
    Assessing Assessment: Top 10 Questions When Evaluating Application Vulnerability Scanners Read full article

  • ITSecuirty: Web Application Security: We Need to Increase Our Budget... - October 28th, 2005
    Web Application Security: We Need to Increase Our Budget Read full article

  • Sarbanes-Oxley Compliance Journal: Targeted Remediation of Vulnerablilities - October 11th, 2005
    Targeted Remediation of Vulnerablilities Read full article

  • Enterprise Systems: Targets Shift for Application Security Attacks - September 13th, 2005
    Targets Shift for Application Security Attacks Read full article

  • CIO Decisions: Security Outsourcing Grabs Hold - September 5th, 2005
    Security Outsourcing Grabs Hold Read full article

  • Network World: NT OBJECTives tests your Web apps for vulnerabilities - August 15th, 2005
    Network World - NT OBJECTives tests your Web apps for vulnerabilities Read full article

  • InformationWeek: NTO Speeds Financial Product Delivery - August 11th, 2005
    Ken Pfeil says, "We're securing the application about 20% faster than we have in the past"

  • USA Today: Hackers shift focus to swiping ID information - July 18th, 2005
    Hackers shift focus to swiping ID information Read full article

  • SAP INFO: Website Attacks Skyrocket - July 18th, 2005
    Website Attacks Skyrocket Read full article

  • Information Week: Companies Experience Exponential Rise In Web Attacks: Survey - July 15th, 2005
    Companies Experience Exponential Rise In Web Attacks: Survey Read full article

  • Comprehensive Technology and Knowledgeable Experts Help Organizations Discover Threats, Analyze Risk and Develop Sound Security Strategies - May 19th, 2005
    Comprehensive Technology and Knowledgeable Experts Help Organizations Discover Threats, Analyze Risk and Develop Sound Security Strategies Read full article

  • ITsecurity: NT OBJECTives Offers Freeware to Strengthen Website Security - May 17th, 2005
    NT OBJECTives Offers Freeware to Strengthen Website Security Read full article

  • Windows IT Pro: NT OBJECTives Offers Two Free Security Tools - May 17th, 2005
    NT OBJECTives Offers Two Free Security Tools Read full article

  • SD Times: Expanding Array of App Security Offerings - May 1st, 2005
    Expanding Array of App Security Offerings Read full article

  • Credit Union Tech-Talk: NT OBJECTives Launches Automated Application Security Solution - April 18th, 2005
    NT OBJECTives Launches Automated Application Security Solution Read full article

  • EnterpriseITPlanet: NTOSpider Automated Web Application Vulnerability Scanner - April 14th, 2005
    NTOSpider Automated Web Application Vulnerability Scanner Read full article

  • PCReview: NTO Helps CapitalIQ with Time to Market - April 12th, 2005
    NTO Helps CapitalIQ with Time to Market Read full article

  • CompliancePipeline: NT OBJECTives App Security Helps Capital IQ With Time To Market - April 11th, 2005
    NT OBJECTives App Security Helps Capital IQ With Time To Market Read full article

  • FreshNews: NTO Launches Automated Application Security Solution - April 11th, 2005
    NTO Launches Automated Application Security Solution Read full article

  • Red Herring: Next Wave - Security Hole Offers Way In - October 1st, 2004
    Next Wave: Security Hole Offers Way In Read full article