The integration of the CORE Insight™ predictive security intelligence solution and NTO’s web application security scanner, NTOSpider, will provide the most comprehensive view of an organization’s application security posture for enterprise customers. Through the automation of vulnerability identification, validation and risk prioritization, companies will now be able to efficiently monitor their application security posture, allowing security teams to spend their time on the material risks and threats that require more detailed analysis and subject matter expertise.
Application security is a massive, complex and escalating problem. Many organizations have hundreds or even thousands of web applications that access sensitive customer, financial and corporate information. Security teams use application security scanners such as NTOSpider to identify application vulnerabilities, and then use CORE’s Insight threat simulation and real-world threat replication technology to test those vulnerabilities more deeply, pivoting off each internal asset, such as databases and servers, to find which can actually be exploited. Until now, however, feeding the vulnerabilities to CORE Insight has taken time.
“Real-world attacks have spanned multiple attack surfaces; attackers today will exploit a vulnerability in a web application, and then penetrate deeper into the network using a variety of network and service vulnerabilities. By combining some of the best web scanning and network vulnerability scanning technology with our attack planning and patented exploitation technology, we can simulate and test for exposure to complete real world attacks in a fully automated way, thus providing an unprecedented and unique intelligence around security exposures,” said Milan Shah, senior vice president of engineering of CORE Security.
How the Combined Solution Works
CORE Insight validates and prioritizes application vulnerabilities discovered by NTOSpider in the following way: