4/18/2012
06:59 PM
Dark Reading
Products and Releases

CORE, NTO Partner To Provide Web App Security Analysis

Integrated solution of NTOSpider and CORE Insight Enterprise will automatically discover application vulnerabilities

Boston, MA and Irvine, CA – April 18, 2011 – CORE Security®, a leading provider of predictive security intelligence solutions, and NT OBJECTives (NTO), a provider of automated, comprehensive and accurate web application security software and services, today announced a first-of-its-kind technology partnership to create an integrated and automated solution to ensure enterprise security professionals quickly understand application vulnerabilities and the precise business and operational risks associated with each.

The integration of the CORE Insight™ predictive security intelligence solution and NTO’s web application security scanner, NTOSpider, will provide the most comprehensive view of an organization’s application security posture for enterprise customers. Through the automation of vulnerability identification, validation and risk prioritization, companies will now be able to efficiently monitor their application security posture, allowing security teams to spend their time on the material risks and threats that require more detailed analysis and subject matter expertise.

Application security is a massive, complex and escalating problem. Many organizations have hundreds or even thousands of web applications that access sensitive customer, financial and corporate information. Security teams use application security scanners such as NTOSpider to identify the application vulnerabilities and then use CORE’s Insight threat simulation and real-world threat replication technology to do deeper testing on those vulnerabilities, pivoting off each internal asset, such as databases and servers, to find which can actually be exploited. Until now, however, feeding those vulnerabilities to CORE Insight has taken time.

“Real-world attacks have spanned multiple attack surfaces; attackers today will exploit a vulnerability in a web application, and then penetrate deeper into the network using a variety of network and service vulnerabilities. By combining some of the best web scanning and network vulnerability scanning technology with our attack planning and patented exploitation technology, we can simulate and test for exposure to complete real world attacks in a fully automated way, thus providing an unprecedented and unique intelligence around security exposures,” said Milan Shah, senior vice president of engineering of CORE Security.

How the Combined Solution Works

CORE Insight validates and prioritizes application vulnerabilities discovered by NTOSpider in the following way:

1. Vulnerability identification: NTOSpider discovers a comprehensive list of application security vulnerabilities.

2. Vulnerability analysis: CORE Insight consumes that input to validate which critical assets can be breached by pivoting and traversing off of each asset to find the exploit. These multi-vector attacks are an increasingly popular technique used by attackers today.

3. Business risk summary: The combined result articulates the specific potential impact of a breach from a discovered vulnerability.

“By combining CORE Insight’s ability to articulate the business impact of a risk with NTOSpider’s ability to identify web application vulnerabilities, we can give security teams a more efficient way to get a holistic view of their security posture by providing more automation so that security experts can apply their analysis to the areas that can’t or haven’t yet been automated,” said Dan Kuykendall, co-CEO NTO.

About CORE Security

CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company’s innovative security research center. For more information, visit www.coresecurity.com.

About NT Objectives

NT OBJECTives (NTO), Inc brings together an innovative collection of experts in information security to provide a comprehensive suite of technologies and services to solve today’s toughest application security challenges. NTO solutions are well known as the most comprehensive and accurate Web Application security solutions available. NTO is privately held with headquarters in Irvine, CA.
