World Class Web Application Security Testing and Scanning

Dynamic Application Security Testing

 NTOSpider: Next-generation web application vulnerability scanner, providing automated vulnerability assessment with unprecedented accuracy.

Enterprise Scanning and Management

 NTOEnterprise: Application security program management with unlimited scanning across your enterprise from a central console that's fully scalable, with centralized reporting and trend analysis.

SaaS/Cloud Scanning Services

 NTOSpider-OnDemand: Application security SaaS built on NTOSpider scanning engine provides an efficient, scalable, accurate and easy scanning solution.

WAF/IPS Integration

 NTODefend: Enables enterprise security teams to automatically create custom rules that to train their IPS and WAF devices to be optimally effective.

May 8, 2012
SECURITY WIRE WEEKLY (PODCAST) - Costly business logic flaws require manual testing
Business logic flaws are costly to detect but even more costly if they are exploited, says application security expert Dan Kuykendall, CTO of NTOBJECTives Inc. Manual testing can detect the issues before cybercriminals can take advantage of the flawed fun

May 8, 2012
PEN TEST MAGAZINE - Attacking and exploiting the top 10 business logic attack vectors
Review on the NT Objectives article which builds a base level knowledge and awareness of the top 10 business logic attacks and how to start to identify and test for them in future penetration testing engagements.

May 7, 2012
DR. DOBB'S - Penetration testers offered specific instructions, real-world examples, and code-snippets
Application business logic flaws are said to be unique to each custom application, potentially very damaging, and typically very difficult to test. Attackers exploit business logic by using "deductive reasoning" to trick and ultimately exploit the applica

May 4, 2012
IT SECURITY PRO - Pen testing techniques revealed in new white paper
NT Objectives has published a white paper that is billed as arming penetration testers with specific instructions, real-world examples and code-snippets for testing and exploiting the most common business logic types of vulnerabilities.

more news >


May 4, 2012
Surviving the Week – 05/04/2012
Insight to online black markets and how they work A short article that provides a brief look at how bitcoins and Tor make [...]

May 3, 2012
Top 10 Business Logic Attack Vectors
We released a new white paper today, Top 10 Business Logic Attack Vectors. Why did we write this paper? Business logic [...]

Apr 27, 2012
Surviving the Week – 04/27/2012
Decline in web application vulnerabilities? Interesting article and kind of funny.  No responsibility is taken for the [...]

Apr 25, 2012
Live Webcast 5/2: Application Security in a Hurry w/451 Research Director Wendy Nather
We’re looking forward to our upcoming webinar with 451 Research Director, Wendy Nather next week on 5/2. Wendy and I [...]

more posts >


Best Vulnerability Detection Engine: "NTOSpider found over twice as many vulnerabilities as the average competitor having a 94% accuracy rating"

Security Administrator

"What is interesting is that training WAFs with NTODefend can dramatically increase their effectiveness and make them a far more useful part of an enterprise's application security strategy"

Larry Suto
Application Security Consultant

Partners
eEye Digital Security
Sourcefire
Tipping Point
Imperva
Veracode