More Coverage – Mobile, AJAX, JSON
Enables security teams to automatically interpret and scan modern application technologies such as Mobile, JSON, REST, SOAP, HTML5 and AJAX. The new dynamic application security testing (DAST) solution includes Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that were previously only discoverable by manual testing.
With NTOSpider, you will have the utmost confidence that you are getting the best false positive and false negative rates available. NTOSpider automates as much of the process as can be automated. We have spent more than 11 years building a sophisticated tool that crawls more of your application than any other and attacks it with a sophisticated approach.
You don’t have to test the entire application every time. You can choose the sections you need to retest, and when you need to validate that one specific vulnerability has been removed, you can test for just that vulnerability.
You will spend a lot less time configuring the scanner and training it to understand your application. This gives your organization’s security experts the time they need to do the work that requires manual intervention and understanding of the business.
NTOSpider doesn’t test known vulnerabilities because we know today’s applications are custom with unique site structures, parameter names and responses. Instead, NTOSpider conducts a thorough crawl of your site and interprets exactly what your application is expecting. It then creates custom attacks based on your architecture to give you the most accurate results.
Our reports provide accurate and actionable results that are designed to assist in remediation efforts and to help users quickly get to the data that matters most. With one click, you can drill into a vulnerability to get more information.
NTOSpider Checks For:
- Data Injection and Manipulation Attacks
  - Blind SQL injection
  - Remote File Include (RFI) injection
  - Operating system command injection
  - Parameter Redirection
  - Persistent XSS
  - DOM-based XSS
  - Cross-site request forgery
  - SQL injection
  - Reflected Cross-site scripting (XSS)
- Server and General HTTP
  - AJAX auditing
  - Detection of Client-side Technologies
  - Directory indexing and enumeration
  - HTTP response splitting
  - Canonicalization attacks
  - Cookie security
  - Custom fuzzing
  - Path manipulation – traversal
  - Brute force authentication attacks