|By PR Newswire||
|December 5, 2012 07:01 AM EST||
IRVINE, Calif., Dec. 5, 2012 /PRNewswire/ -- NT OBJECTives, a provider of the most automated, comprehensive and accurate web application security software, services and SaaS, today announced the release of a new webcast featuring Forrester Research titled, "Mobile Application Security: What You Need to Know." With guest presenter Chenxi Wang, Ph.D., Vice President and Principal Analyst at Forrester Research, Inc. and Dan Kuykendall, co-CEO and CTO of NT OBJECTives, the webcast reveals why and how vulnerabilities in mobile applications, especially custom applications using new rich programming formats, are being overlooked and leading cybercriminals straight to the backend servers where critical data is housed. The presentation includes new research and practical guidance to protect enterprises from this emerging and largely unaddressed threat in the mobile application security space. The mobile application market is currently a $6 billion market today with expected growth to more than $55 billion by the year 20151.
In an informal study of more than 500 clients, Forrester found that nearly 50 percent have built custom mobile applications or are about to build them demonstrating how active enterprise mobility is today. Along with this growth is also the increasing number of exploitations of application-programming interfaces (APIs) associated with custom applications. It is within these APIs that attackers are able to reach backend servers, where critical and sensitive information is housed.
"API communication can be exploited and this is something not every developer really understands. There is a client application that is installed specifically by the user, and this application talks to the server side which is not like a traditional browser application as any browser can come to a web application," states Wang on the webcast. "So developers think that because there is a native application, they are sort of shielded from somebody that could get in the middle of the client/server communication. That is a misconception, it's simply not true. Someone can get in the middle and attack a backend server application."
Kuykendall and Wang both emphasize that with proper and effective testing, issues such as API security flaws, along with authentication weaknesses, protocol level bugs and load processing bugs can be discovered and remediated. Additionally, SSL and basic application authentication should not be relied on to protect against attacks.
"The evolution of new mobile APIs such as JSON, SOAP and REST have created exciting new ways for enterprises to engage their customers like never before," says Dan Kuykendall co-CEO and CTO of NT OBJECTives. "Let's face it though, this has created a new path to the pot of gold that cybercriminals are after, with the backend server now being the endgame. If IT departments and developers aren't effectively testing their mobile applications, they are really missing the mark. We must evolve our security practices to stay in step and make sure these applications are secure."
Other topics addressed in the webcast include device and enterprise market trends, how mobile applications are exploited, how to properly test mobile applications, common mobile application attack vectors and common mobile hacking tools.
"If I may leave you with one message," Wang goes on to say on the webcast, "You should review your code, test and review, test and review, and test again, and in every sprint that is what you need to do."
The full webcast can be accessed at http://www.ntobjectives.com/go/webcast-mobile-application-security/
Individuals interested in learning more about web application technologies are invited to access NTO's most recent whitepaper, "The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor's New Clothes?" a research report that identifies nine common underlying web application technologies in mobile applications, Rich Internet Applications (RIA) and web services being overlooked by today's scanners with practical guidance on how to improve security efficiency and effectiveness with each.
The white paper was released in conjunction with the company's NTOSpider6 beta, a new dynamic application security testing (DAST) solution that includes a proprietary Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that exist in modern mobile applications. NTO invites security researches and security professionals who want to stay current against modern applications to participate in the NTOSpider 6 beta program. For more information or to register for beta program participation visit http://www.ntobjectives.com/security-software/ntospider-trial-download-request/
1Forrester Research, Inc., February 2012 "Mobile is the new face of engagement"
About NT OBJECTives
NT OBJECTives (NTO) is a provider of most automated, comprehensive and accurate web application security software, services and SaaS. NTO has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NT OBJECTIVES is privately held with headquarters in Irvine, CA. For more information visit www.ntobjectives.com or follow us on Twitter @ntobjectives or @dan_kuykendall.
SOURCE NT OBJECTives
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series dat...
Jan. 31, 2015 05:45 AM EST Reads: 3,186
15th Cloud Expo, which took place Nov. 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA, expanded the conference content of @ThingsExpo, Big Data Expo, and DevOps Summit to include two developer events. IBM held a Bluemix Developer Playground on November 5 and ElasticBox held a Hackathon on November 6. Both events took place on the expo floor. The Bluemix Developer Playground, for developers of all levels, highlighted the ease of use of Bluemix, its services and functionalit...
Jan. 31, 2015 05:30 AM EST Reads: 2,862
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile ...
Jan. 31, 2015 05:00 AM EST Reads: 2,905
In her General Session at 15th Cloud Expo, Anne Plese, Senior Consultant, Cloud Product Marketing, at Verizon Enterprise, focused on finding the right mix of renting vs. buying Oracle capacity to scale to meet business demands, and offer validated Oracle database TCO models for Oracle development and testing environments. Anne Plese is a marketing and technology enthusiast/realist with over 19+ years in high tech. At Verizon Enterprise, she focuses on driving growth for the Verizon Cloud platfo...
Jan. 31, 2015 04:30 AM EST Reads: 3,480
At 15th Cloud Expo, Shrikant Pattathil, Executive Vice President at Harbinger Systems, demos a video delivery platform that helps you do interactive videos. He discusses how Harbinger is accomplishing it in the cloud world, the problems they faced and the choices they made to get around these problems.
Jan. 31, 2015 03:45 AM EST Reads: 1,669
Between the compelling mockups and specs produced by your analysts and designers, and the resulting application built by your developers, there is a gulf where projects fail, costs spiral out of control, and applications fall short of requirements. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a new approach where business and development users collaborate – each using tools appropriate to their goals and expertise – to build mo...
Jan. 31, 2015 03:15 AM EST Reads: 1,946
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immed...
Jan. 31, 2015 03:00 AM EST Reads: 3,498
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Jan. 31, 2015 02:00 AM EST Reads: 8,092
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using ...
Jan. 31, 2015 02:00 AM EST Reads: 3,098
In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect at GE, and Ibrahim Gokcen, who leads GE's advanced IoT analytics, focused on the Internet of Things / Industrial Internet and how to make it operational for business end-users. Learn about the challenges posed by machine and sensor data and how to marry it with enterprise data. They also discussed the tips and tricks to provide the Industrial Internet as an end-user consumable service using Big Data Analytics and Industrial C...
Jan. 31, 2015 01:00 AM EST Reads: 2,951
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, addressed the big issues involving these technologies and, more important, the results they will achieve. Rodney Rogers, chairman and CEO of Virtustream; Brendan O'Brien, co-founder of Aria Systems, Bart Copeland, president and CEO of ActiveState Software; Jim Cowie, chief scientist at Dyn; Dave Wagstaff, VP ...
Jan. 31, 2015 01:00 AM EST Reads: 2,845
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happe...
Jan. 31, 2015 12:30 AM EST Reads: 3,096
"For the past 4 years we have been working mainly to export. For the last 3 or 4 years the main market was Russia. In the past year we have been working to expand our footprint in Europe and the United States," explained Andris Gailitis, CEO of DEAC, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Jan. 30, 2015 11:45 PM EST Reads: 2,661
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's large...
Jan. 30, 2015 11:00 PM EST Reads: 3,764
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, ...
Jan. 30, 2015 10:00 PM EST Reads: 2,884