Tales from the Web Scanning Front: Why is This Scan Taking So Long?
As CEO, I’m constantly emphasizing the importance of customer support and trying to attend several support calls each week to stay on top of our support quality and what customers are asking....
View ArticleNT OBJECTives Positioned in the “Visionaries” Quadrant of the Magic Quadrant...
Recent Gartner research positioned NT OBJECTives in the Visionaries quadrant for Dynamic Application Security Testing(DAST).(i) Gartner’s report was published in December and is now available to all...
View ArticleRSA 2012: NT Objectives hosts ISE® VIP wine tasting reception & book signing...
We are looking forward to RSA 2012 in San Francisco. We are excited to be hosting a VIP reception and a book signing with Kevin Mitnick with T.E.N and their ISE® Alumni VIP Hosts. Tuesday, February...
View ArticleTales from the web scanning front: Don’t eat the entire buffet at once
One of the more common problems that we see is customers trying to bite off more of their application infrastructure at once than they can chew. A certain amount of planning will yield better, more...
View ArticleClik here to view.
Web Application Security Scanning – The Art of Automation
Few people fully appreciate the difficulty in creating a web application security scanner that can actually work well against most sites. In addition, there is much debate about how much application...
View ArticleClik here to view.
2013 Security B-Sides San Francisco Voting
Voting for Security B-Sides San Francisco presentations is in full swing. Be sure to vote for your favorites talks. We’re partial to these two talks by Dan Kuykendall! The Pineapple Express: Live...
View ArticleClik here to view.
Mobile App Security – Application Security’s “Where’s Waldo”
As I have discussed in previous posts and at conferences, like OWASP AppSecUSA, while the number of attacks continue to increase, the attack techniques aren’t new at all. They are actually the same old...
View ArticleClik here to view.
Announcing NTOSpider 6 – Now scanning mobile, web services, and CSRF
I am very happy to announce the delivery of NTOSpider 6, the first and only dynamic application security scanner available that is capable of effectively testing modern mobile and web applications that...
View ArticleClik here to view.
NT OBJECTives and Coverity release integrated SAST and DAST
We are happy to announce our partnership with Coverity and the general availability the first Interactive Application Security Testing (IAST) solution to be built on a “developer-ready” platform. With...
View ArticleClik here to view.
Build security earlier into the SDLC with NT OBJECTives & Coverity
NTO & Coverity launch interactive application security (IAST) Are your developers effectively testing for and fixing security vulnerabilities early in the software development lifecycle (SDLC)?...
View ArticleClik here to view.
Mobile application security testing – fast and easy!
Mobile application security testing: Four words that, for many security professionals, elicit a nagging feeling that comes from knowing the challenge is imminent if not already present, yet very...
View ArticleClik here to view.
Mobile Application Security 101
Mobile Applications – Still Insecure Businesses are racing to meet the demands for mobile applications, yet mobile application security is an afterthought, just as web application security was when web...
View ArticleClik here to view.
Fix Security Defects Earlier with NTOSpider and Selenium Integration
It’s a well-known fact that it costs less to fix security defects earlier in the software development lifecycle than later. But because most security professionals are experts in security and less...
View ArticleNTOSpider 6.4 Now Available!
We are excited to announce a host of enhancements to NTOSpider that will further assist you in testing more of your applications in less time. Our mission is and has always been to create the most...
View ArticleSSL Poodle Check Added to NTOSpider
This week’s “big hack” everyone is yapping about is the POODLE flaw in Secure Socket Layer (SSL 3.0). The hack is a bad one, when the attacker can get man-in-the-middle to set it up, but the need for...
View ArticleAnnouncing Hackazon! The first vulnerable web test application to enable...
We are excited to announce the release of the first vulnerable web application built with web 2.0 and mobile client technologies. Hackazon is a “fake app” test site which replicates an on-line...
View ArticleClik here to view.
OWASP AppSec California Recap
I spent the week at OWASP AppSec California in Santa Monica and had a great time! This is the 2nd year of having the event at this location, and even as a southern California native, it is a beautiful...
View ArticleClik here to view.
Security Snake Oil
Why Known Vulnerability Checks for Web Applications Simply Don’t Work. This paper explains the ineffectiveness of known vuln checkers such as Nikto, Wikto and other such solutions added to network...
View ArticleClik here to view.
Phishanomics: The Economics of Phishing, the iframe attack and the Brand ROI...
This paper will argue that the iframe attack (popularized by the Bank of India hack) has fundamentally altered the way that security professionals must defend less important websites. By allowing...
View ArticleClik here to view.
HouSecCon 2011 and B-Sides ATL Review
Last week was a travel week. On Wednesday I was in Austin for some meetings, then headed to Houston for the second annual HouSecCon on Thursday. I have to say that I was blown away at how much bigger...
View Article
