|
|
|
NTO ASAP
NTO recognizes that resolving security problems requires a combination of tools, training and professional services. Some customers have indicated a preference to have a single point of contact to help them identify their problems and help solve them. In response, NTO has created NTOASAP.
NTO Application Security Assurance Program (ASAP) is designed to help enterprises discover and remediate web application vulnerabilities, while creating a long-term process to permanently address web site security risk. As a blended offering of NTO's leading security assessment software, NTOSpider, its training and consulting, ASAP installs a complete security assurance program into client organizations.
- At the core of solving any business problem is ensuring that your team has the appropriate skills.
- NTO's training has been developed by the co-author of Hacking Exposed: Web Applications and author of Hack Notes: Web Security. It focuses on explaining web application attacks and the defenses that can prevent them.
- NTO will also train your team to use NTOSpider and to customize it so that you get the data you need to test versus your compliance standards.
|
|
- NTOSpider leverages NT OBJECTives' industry-leading application security expertise developed from years of product development, security research and professional services engagements
- NTOSpider goes way beyond enumerating interminable lists of vulnerabilities. You know that you have vulnerabilities. The question is, how do you fix the ones you have and prevent new ones from being created.
- NTOSpider helps you understand your web applications. How large are they? What sections of code are potentially vulnerable. How are your sites architected? To whom are you sending data? Utilizing this information in the development process will help you to create better architected sites.
- NTOSpider also helps you identify the site resources that are creating the vulnerabilities. You are likely to have thousands of vulnerabilities but a far more manageable amount of code to fix. NTOSpider helps you to categorize, prioritize and assign these problems.
|
|
- Technology is an enabler. NTO's professional services team starts every assignment by asking about the business goals that your web applications are designed to support. What is important to you?
- NTO Professional Services can also work with you to create custom reports that track compliance with your policies. NTOSpider stores all scan results in XML, making this a relatively painless process. We can also help you integrate third party data into your reports.
- NTO also helps you to understand how your application security lifecycle impacts your security posture. Development, QA and audit all need to understand policy requirements and work together.
- Creating and maintaining secure web applications is a business process, like any other. NTO will work with you to make sure that you are efficiently using human and technological resources to ensure that your policy goals are being implemented. NTO will also help you to create reports showing progress towards your goals over time. Is development making more secure applications? Are existing vulnerabilities being fixed?
- For organizations that want to fix vulnerabilities quickly and do not have the internal resources to dedicate to the problem, NTO can have its consultants create the fixes and work with your developers to have them inserted into the application.
|
|
|
|
Training
