NTOSpider Support in ThreadFix, Getting the Most From Your Web Testing Results

Today we issued a press release with NTObjectives announcing ThreadFix’s support for importing DAST scanning results from their NTOSpider scanner. We’ve had a number of ThreadFix users asking for this and we’re thrilled to be able to announce it is now available.

Also, NTObjectives’ co-CEO Dan Kuykendall and I recently had a great discussion with Dark Reading’s Ericka Chickowski about ways to get the most value out of your web application testing activities. Here’s a quick preview:

  1. View Vulnerabilities as Software Defects
  2. Make Defect Information Available in Existing Developer Tools
  3. Package Defects for Less Development Administrative Time
  4. Offer Guidance Along with the Submitted Defect
  5. Center Scanning Around Process, Not Product

That was a fun conversation that exposed some actionable next steps, and you can read our full discussion online.

The full text of the release describing the ThreadFix/NTOSpider integration is below:

Denim Group, the leading secure software development company, and NT OBJECTives (NTO), a leading provider of automated, comprehensive and accurate web application security software and services, today announced their alliance to provide enterprise customers with a comprehensive dynamic vulnerability management solution for web and mobile applications. Denim Group’s ThreadFix application vulnerability management platform is now able to import the results from NTO’s application scanner, enabling organizations to compare and analyze the results of other testing efforts and have a more complete picture of the results of their application security testing program.

“NTO is doing some very interesting things with their scanning technology, particularly related to testing for thick client applications and web services,” said Denim Group CTO Dan Cornell. “By building the connector with ThreadFix, NTOSpider users can now import the results of their scanning efforts and manage them alongside static analysis or manual testing results to get a deeper understanding of where their application vulnerabilities lie.”

NTOSpider’s dynamic application security testing (DAST) engine allows companies to test mobile and web applications built with the newest programming technologies like REST, AJAX, JSON and GWT. Prior to NTOSpider, this testing had to be done manually. NTOSpider offers a repeatable, rapid, and comprehensive automated application security testing solution that now frees up security analysts to spend more time on other activities that must be done to properly secure software. NTOSpider offers more comprehensive application coverage combined with sophisticated attack methodologies as well as high rates for eliminating false positive and false negative findings. This makes the scanner an important weapon in the security team’s arsenal for speeding up time to market.

“Application security teams can now use the efficiency of both ThreadFix and NTO Spider to analyze test results faster, creating a holistic view of the corporation’s security posture that reduces the risk of damage to the company’s intellectual property, data, and web applications,” said Dan Kuykendall, NT OBJECTives co-CEO. “ThreadFix users benefit from this integration and can now consolidate the results of other testing activities to provide a full view of these efforts.”

Typically, an organization’s security team uses a combination of dynamic and static scanners as well as manual testing to identify potentially thousands of vulnerabilities in applications. In the past, these disparate results were typically haphazardly managed with inefficient Excel spreadsheets to track the status of each of these vulnerabilities. ThreadFix simplifies this process by importing dynamic, static and manual testing results into a centralized console that removes duplicate findings across testing platforms, resulting in a prioritized security vulnerability list for each application. Unlike infrastructure security problems inside an organization, application vulnerabilities can only be fixed by software development teams. To enable this cooperation, ThreadFix exports its prioritized security vulnerability list into the defect trackers already used by development teams, translating vulnerabilities into software defects and essentially injecting these security tasks into the developer’s regular workflow. By acting as a crucial link between the security and development teams, ThreadFix creates meaningful and productive two-way communications that dramatically streamline and accelerate the application vulnerability resolution process. The result is that with ThreadFix, application vulnerabilities get fixed faster, reducing software risk and protecting corporate assets.

Contact NTObjectives to learn more about NTOSpider and contact us to talk about ways you can use ThreadFix and NTOSpider together.

–Dan

dan _at_ denimgroup.com

@danielcornell

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.

2 Responses to “NTOSpider Support in ThreadFix, Getting the Most From Your Web Testing Results”

  1. Service web development company offers Peter Soltys – Solydesign for diverse customers. Web site consists of a partial operation

    It’s remarkable for me to have a web site, which is useful designed for my knowledge. thanks admin

  2. Eva

    I am so glad your article really helped me.
