

Web Application Security Scanner

NTOSpider is a dynamic application security testing (DAST) solution available as software or SaaS from NT OBJECTives. NTOSpider's comprehensive application coverage, combined with its sophisticated attack methodologies, delivers the best rates in the industry for the elimination of false positive and false negative findings.


With NTOSpider, you will have the utmost confidence that you are getting the best false positive and false negative rates available. NTOSpider automates as much of the process as can be automated. We have spent 10 years dedicated to building a sophisticated tool that crawls more of your application than any other and attacks it with a sophisticated approach.


Presentation layer position and proximity analysis for form population
Multiple parsing and JavaScript execution engines
Smart login and session management

You don't have to test the entire application every time. You can choose the sections you need to re-test, and when you need to re-test to validate that one specific vulnerability has been removed, you can test for just that vulnerability.


Pre-attack analysis conducts recon to isolate attack vectors and determines the best ways to attack them
Reflection analysis delivers more intelligent cross-site scripting (XSS) payloads
Confirmation is key: automated process checks and re-checks vulnerability findings to reduce false positives

You will spend a lot less time configuring the scanner and training it to understand your application. This gives your organization's security experts the time they need to do the work that requires manual intervention and understanding of the business.


Our reports provide accurate and actionable results that are designed to assist in remediation efforts and to help users quickly get to the data that matters most. NTO's reports:
Consolidate findings by attack types (XSS, SQLi, etc.)
Enable users to further investigate vulnerabilities by clicking on them
Provide the ability to reproduce attacks in real-time
Support XML export for import into your tracking system
Provide analysis for compliance reporting requirements (PCI, FISMA, OWASP, SOX, HIPAA, GLBA, and more)

NTOSpider doesn't test known vulnerabilities because we know today's applications are custom with unique site structures, parameter names and responses. Instead, NTOSpider conducts a thorough crawl of your site and interprets exactly what your application is expecting. It then creates custom attacks based on your architecture to give you the most accurate results.

Our reports provide accurate and actionable results that are designed to assist in remediation efforts and to help users quickly get to the data that matters most. With one click, you can drill into a vulnerability to get more information.


NTOSpider leverages NT OBJECTives' industry-leading application security expertise, employing a methodology developed from years of product development, security research and professional services engagements. This allows NTOSpider to assess your network with 100% automation, while truly maintaining the highest levels of accuracy of any application vulnerability scanner available.

NTOSpider provides your organization with an automated capability to introduce application security assessment throughout the development lifecycle. Developers can test their work in real-time; QA can assist in secure deployment; with NT OBJECTives' S3 Methodology, security professionals may continuously audit the production environment without threat of network disruption and without disabling any assessment features.

Since all vulnerabilities are not created equal, NTOSpider employs our proprietary Data Sleuth intelligence engine to make sure the right priorities are communicated to you. By analyzing the content, structure and nature of each vulnerability, Data Sleuth can keep you focused on the real threats. From files/resources discovered to source code to scripts, comments, and directory contents, Data Sleuth will intelligently analyze all of NTOSpider's findings to ensure you see the real threats.

In addition to assessing application vulnerabilities on your site, NTOSpider performs an advanced analysis on your site structure, content and configuration to identify inherent Exposure to future or emerging threats. This can be critical in determining future security requirements and site architecture planning to mitigate future threats. Exposure is communicated via a security posture rating and qualitative analysis of findings, including a complete catalog of all site resources and their attributes (e.g. forms, cookies, scripts, SQL strings and ODBC connectors, authentication, applets/objects, hidden fields, etc.).

Of course, all the data in the world is of little use if you can't put it to work. NTOSpider's HTML reports intuitively organize and present data for all audiences. Whether you're a board member or a developer, our reports graphically summarize your security risk with detailed information on what to address first and how to do it, step-by-step. Our exclusive Resource Mapping quickly articulates site structure and vulnerability using an interactive, 3D map with links to all threat information. The result is data you can use to secure your network immediately and effectively. Furthermore, all data is stored natively in XML, allowing reuse of assessment data throughout the organization, whether through third party integration or customized data mining solutions.


NT OBJECTives' proprietary S3 Methodology ensures accuracy and safety not possible with any other assessment software. This advanced logic makes NTOSpider the only fully automated application vulnerability scanner, while remaining the most accurate available.

S3 Methodology Features:
Advanced Page Proofing identifies custom error pages throughout your entire site to eliminate false positives and track site domain-structure
Web Server Fingerprinting identifies every web server platform in your environment, regardless of custom or third-party obfuscation
Safe Vulnerability Verification ensures every vulnerability is truly present to minimize false positives, while dynamically matching recommendations to server platform, source code or resource type
Complete Java Analysis & Testing retrieves, decompiles and analyzes all server-side and client-side Java to fully interact with your entire site and test for secure coding

NT OBJECTives, Inc. has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient and accurate web application security program. NT OBJECTives is privately held with headquarters in Irvine, CA.

© 2012 NT OBJECTives, Inc.

(877) NTO-WEBS