|By PR Newswire||
|February 19, 2014 02:04 PM EST||
IRVINE, Calif., Feb. 19, 2014 /PRNewswire/ -- NT OBJECTives, Inc., provider of the most automated, comprehensive and accurate web application security solutions, announced today that its NTOSpider web application scanner is the first of the application scanners to effectively introduce automated security testing of complex application workflows, including shopping carts and registration sequences, delivering more automation, accuracy and scalability than other application scanners. NTOSpider is now uniquely capable of automatically understanding a workflow sequence and expected results, which enable it to automatically create relevant session states and find web application security vulnerabilities.
Today's businesses and government organizations are delivering sophisticated and complex applications to their customers and security teams are scrambling to keep pace. Large organizations have hundreds or thousands of web applications, many of them with complex workflows. Automated security testing of those workflows with application scanners will save a tremendous amount of time and enable security teams to find more vulnerabilities much sooner. It will also allow web application security teams to focus manual testing efforts where automated security testing is not an option.
"Until now, the only way to accurately test a complex application workflow like shopping cart or invoice processing has been manually. If it takes a tester 16 hours to test a complex workflow by hand and that organization has 20 applications with complex workflows, that can add up to over a month of testing." said Dan Kuykendall, co-CEO and CTO of NT OBJECTives. "When you're a global organization, with hundreds or thousands of applications, and you need to do quarterly web application security assessments, testing by hand just doesn't scale, vulnerabilities end up being missed or applications are not tested at all.
Application scanners' automated security testing traditionally consists of two phases. First is the crawl phase during which the scanner gathers information about the application and its attack vectors. This information is then used to perform the second part, the attack phase, during which the scanner randomly attacks the functionality. While attacking randomly is good for a lot of functionality, it does not work for complex workflows.
In an application workflow, data is being passed from one step to the next and in order to find web application security vulnerabilities, it is critical to use valid test data and pass it through just as the workflow prescribes. For example, in a shopping cart application, a user adds an item to their cart, clicks checkout, enters their address and credit card data and finally makes their purchase. Each step required data to be passed from the previous in order to complete the order. When conducting automated security testing, if application scanners attack the steps in a complex workflow randomly, it will miss vulnerabilities. For example, the scanner might attack a shipping form, but because there are no items in the cart, the application informs the user that they have no items in their cart and discards the attack payloads. The scanner doesn't even know this happened and misses web application security vulnerabilities as a result.
In automated security testing, application scanners must also follow the workflow through in its entirety. It is not enough to follow the workflow up to the point of attack. Imagine, for example, that the scanner attempts a SQL injection attack on the 'last name' field in the billing form. At that point the data is often held in temporary session storage. It isn't until the order confirmation page, when the user confirms the order and the information is sent to the SQL server, that the attack is executed. So if application scanners don't complete the workflow, the attack is never executed and the SQL injection vulnerability goes undetected.
The new release of NTOSpider, unlike other application scanners, properly respects the order of the workflow, which allows the attack payloads to be delivered into the application code where it can discover the web application security vulnerabilities.
"This new release of NTOSpider holds just one of the many innovations we have in store for automated security testing. Our roadmap has many exciting advancements that will enable our customers to continue to assess modern web applications efficiently and accurately and will strengthen our position as the leading innovator in web application security scanning."
To read more about how NTOSpider handles complex application workflows and other recent automated security testing innovations for software development and QA teams, visit www.ntobjectives.com or call 1-877-NTO-WEBS (1-877-686-9327).
Tweet: @ntobjectives adds complex application workflow support to #NTOSpider for improved #webappsec testing accuracy http://bit.ly/1jcH7mq
About NT OBJECTives, Inc.
NT OBJECTives, Inc. (NTO) is a provider of the most comprehensive and accurate automated security testing software, services and SaaS for web applications. NTO's customizable suite of solutions includes application security testing, SaaS scanning and in-depth consulting services to help companies build the most comprehensive, efficient and accurate web application security program. NT OBJECTives is privately held with headquarters in Irvine, CA. For more information, visit www.ntobjectives.com or follow us on Twitter at @ntobjectives or @dan_kuykendall.
SOURCE NT OBJECTives, Inc.
DevOps tasked with driving success in the cloud need a solution to efficiently leverage multiple clouds while avoiding cloud lock-in. Flexiant today announces the commercial availability of Flexiant Concerto. With Flexiant Concerto, DevOps have cloud freedom to automate the build, deployment and operations of applications consistently across multiple clouds. Concerto is available through four disruptive pricing models aimed to deliver multi-cloud at a price point everyone can afford.
Mar. 29, 2015 05:00 PM EDT Reads: 913
Today, IT is not just a cost center. IT is an enabler and driver of business. With the emergence of the hybrid cloud paradigm, IT now has increasingly more capabilities to create new strategic opportunities for a business. Hybrid cloud allows an organization to utilize multi-tenant public clouds, dedicated private clouds, bare metal hosting, and the associated support and services for the right use cases through an on-demand, XaaS model. This model of IT creates tremendous opportunities for busi...
Mar. 29, 2015 05:00 PM EDT Reads: 3,113
Docker is an excellent platform for organizations interested in running microservices. It offers portability and consistency between development and production environments, quick provisioning times, and a simple way to isolate services. In his session at DevOps Summit at 16th Cloud Expo, Shannon Williams, co-founder of Rancher Labs, will walk through these and other benefits of using Docker to run microservices, and provide an overview of RancherOS, a minimalist distribution of Linux designed...
Mar. 29, 2015 04:15 PM EDT Reads: 2,421
Business as usual for IT is evolving into a “Make or Buy” decision on a service-by-service conversation with input from the LOBs. How does your organization move forward with cloud? In his general session at 16th Cloud Expo, Paul Maravei, Regional Sales Manager, Hybrid Cloud and Managed Services at Cisco, discusses how Cisco and its partners offer a market-leading portfolio and ecosystem of cloud infrastructure and application services that allow you to uniquely and securely combine cloud busi...
Mar. 29, 2015 04:15 PM EDT Reads: 1,371
Wearable technology was dominant at this year’s International Consumer Electronics Show (CES) , and MWC was no exception to this trend. New versions of favorites, such as the Samsung Gear (three new products were released: the Gear 2, the Gear 2 Neo and the Gear Fit), shared the limelight with new wearables like Pebble Time Steel (the new premium version of the company’s previously released smartwatch) and the LG Watch Urbane. The most dramatic difference at MWC was an emphasis on presenting we...
Mar. 29, 2015 04:00 PM EDT Reads: 1,400
Businesses are looking to empower employees and departments to do more, go faster, and streamline their processes. For all workers – but mobile workers especially – utilizing the cloud to reconnect documents and improve processes without destructing existing workflows can have a dramatic impact on productivity. In his session at 16th Cloud Expo, Mark Grilli, vice president of Acrobat Solutions marketing at Adobe Systems Incorporated, will outline new ways that the cloud is changing the way peo...
Mar. 29, 2015 04:00 PM EDT Reads: 1,315
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes ...
Mar. 29, 2015 03:30 PM EDT Reads: 2,161
Are your applications getting in the way of your business strategy? It’s time to rethink your IT approach. In his session at 16th Cloud Expo, Madhukar Kumar, Vice President, Product Management at Liaison Technologies, will discuss a new data-centric approach to IT that allows your data, not applications, to inform business strategy. By moving away from an application-centric IT model where data integration and analysis are subservient to the constraints of applications, your organization will b...
Mar. 29, 2015 03:15 PM EDT Reads: 2,549
WSM International has launched a DevOps services division that offers assessment, consulting and implementation to large enterprises and organizations with complex infrastructures. The concept of DevOps is to blend information technology (IT) software development with operations to optimize the computing infrastructure according to the specific needs of the organization. According to a recent press release from Gartner, "By 2016, DevOps will evolve from a niche strategy employed by large cloud ...
Mar. 29, 2015 03:00 PM EDT Reads: 1,278
SYS-CON Events announced today that Solgenia will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Solgenia is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between Personal and Professional S...
Mar. 29, 2015 03:00 PM EDT Reads: 2,828
SYS-CON Events announced today that QTS Realty Trust, one of the nation’s largest and fastest-growing providers of data center facilities and cloud services and a leader in security and compliance, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. QTS Realty Trust, Inc. (NYSE: QTS) is a leading national provider of data center solutions and fully managed services, and a leader in security and compliance...
Mar. 29, 2015 03:00 PM EDT Reads: 1,253
SYS-CON Events announced today that WSM International (WSM), the world’s leading cloud and server migration services provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. WSM is a solutions integrator with a core focus on cloud and server migration, transformation and DevOps services.
Mar. 29, 2015 03:00 PM EDT Reads: 1,250
SYS-CON Events announced today that Liaison Technologies, a leading provider of data management and integration cloud services and solutions, has been named "Silver Sponsor" of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York, NY. Liaison Technologies is a recognized market leader in providing cloud-enabled data integration and data management solutions to break down complex information barriers, enabling enterprises to make sm...
Mar. 29, 2015 03:00 PM EDT Reads: 3,438
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and eas...
Mar. 29, 2015 03:00 PM EDT Reads: 3,020
Sematext is a globally distributed organization that builds innovative Cloud and On Premises solutions for performance monitoring, alerting and anomaly detection (SPM), log management and analytics (Logsene), and search analytics (SSA). We also provide Search and Big Data consulting services and offer 24/7 production support for Solr and Elasticsearch.
Mar. 29, 2015 02:15 PM EDT Reads: 1,492