Dan Kuykendall, Co-CEO & CTO of NT OBJECTives, demonstrates how to hack RESTful interfaces using the new vulnerable test app, Hackazon. Dan explains why you’re probably missing SQL Injection in these RESTful interfaces like JSON, XML and AMF, and shows how you can begin to discover them.
Security teams are struggling to maintain the effectiveness of their security testing programs in the face of these application changes. New applications have reduced trusted security tools to half measures where they once yielded more coverage and power. It’s critical that enterprises rapidly adopt detection and protection processes and technologies in order to keep up with this expanding attack surface.
Dan Kuykendall, Co-CEO & CTO of NT OBJECTives, unveils what he calls The Seven Deadly Sins of Mobile Application Development (such as trusting the client and improper use of NONCE) and what developers can do to sin no more!
Do you know where your SQLi vulns are? You probably don’t know all of them, especially in mobile apps, web services and RIAs, which are typically developed in new technologies like REST, JSON and AJAX. While security teams are often effective at testing for vulnerabilities in classic HTML applications over GET and POST, most testing methodologies do not handle these new formats. As a result, web applications using these new formats are often littered with SQL Injection and other security vulnerabilities.
While conducting vulnerability testing, NT OBJECTives discovered that the Yahoo! Fantasy Football mobile app was vulnerable to session hijacking, the process of authenticating the user and ensuring an attacker isn’t impersonating a user or eavesdropping on the service.
As organizations expand security testing into earlier stages of the SDLC, developers need testing solutions that reduce the time they waste with false positives, and enable them to more easily collaborate with security professionals.
Join James Croall, Senior Product Manager of Coverity, and Dan Kuykendall, Co-CEO & CTO of NT OBJECTives, and learn how you can easily and seamlessly integrate security testing into your development environment.
NT OBJECTives’ Dan Kuykendall and guest speaker Chenxi Wang, Ph.D., Vice President and Principal Analyst at Forrester Research, reveal why and how vulnerabilities in mobile applications, especially custom applications using new rich programming formats, are a serious emerging and overlooked threat.
You’re suddenly under attack, or it’s happening to someone you know. You’re finally building your application security testing program. Will your boss demand application scan reports from all of your applications?
Wendy Nather, Enterprise Security-Research Director of 451 Research, and Dan Kuykendall, Co-CEO & CTO of NT OBJECTives, discuss how to scale your application security program to address hundreds or thousands of applications and how to avoid the common technology and process pitfalls.
The next generation of applications has started to rule the web, and they look very different from their ancestors. In the “good ol’ days”, web apps had their problems, but they were easier to understand, and great resources (tools/practices/trainings) were quickly made available to help.