8/14/2013
05:44 PM
Dark Reading
Products and Releases

Fast Tracking AppSec Test Results - NT OBJECTives & Denim Group Partnership

ThreadFix is now integrated with NTOSpider application scanner

San Antonio, Texas (PRWEB) August 14, 2013

Denim Group, the leading secure software development company, and NT OBJECTives (NTO), a leading provider of automated, comprehensive and accurate web application security software and services, today announced their alliance to provide enterprise customers with a comprehensive dynamic vulnerability management solution for web and mobile applications. Denim Group's ThreadFix application vulnerability management platform is now able to import the results from NTO's application scanner, enabling organizations to compare and analyze the results of other testing efforts and have a more complete picture of the results of their application security testing program.

"NTO is doing some very interesting things with their scanning technology, particularly related to testing for thick client applications and web services," said Denim Group CTO Dan Cornell. "By building the connector with ThreadFix, NTOSpider users can now import the results of their scanning efforts and manage them alongside static analysis or manual testing results to get a deeper understanding of where their application vulnerabilities lie."

NTOSpider's dynamic application security testing (DAST) engine allows companies to test mobile and web applications built with the newest programming technologies like REST, AJAX, JSON and GWT. Prior to NTOSpider, this testing had to be done manually. NTOSpider offers a repeatable, rapid, and comprehensive automated application security testing solution that now frees up security analysts to spend more time on other activities that must be done to properly secure software. NTOSpider offers more comprehensive application coverage combined with sophisticated attack methodologies as well as high rates for eliminating false positive and false negative findings. This makes the scanner an important weapon in the security team's arsenal for speeding up time to market.

"Application security teams can now use the efficiency of both ThreadFix and NTOSpider to analyze test results faster, creating a holistic view of the corporation's security posture that reduces the risk of damage to the company's intellectual property, data, and web applications," said Dan Kuykendall, NT OBJECTives co-CEO. "ThreadFix users benefit from this integration and can now consolidate the results of other testing activities to provide a full view of these efforts."

Typically, an organization's security team uses a combination of dynamic and static scanners as well as manual testing to identify potentially thousands of vulnerabilities in applications. In the past, these disparate results were typically haphazardly managed with inefficient Excel spreadsheets to track the status of each of these vulnerabilities. ThreadFix simplifies this process by importing dynamic, static and manual testing results into a centralized console that removes duplicate findings across testing platforms, resulting in a prioritized security vulnerability list for each application. Unlike infrastructure security problems inside an organization, application vulnerabilities can only be fixed by software development teams. To enable this cooperation, ThreadFix exports its prioritized security vulnerability list into the defect trackers already used by development teams, translating vulnerabilities into software defects and essentially injecting these security tasks into the developer's regular workflow. By acting as a crucial link between the security and development teams, ThreadFix creates meaningful and productive two-way communications that dramatically streamline and accelerate the application vulnerability resolution process. The result is that with ThreadFix, application vulnerabilities get fixed faster, reducing software risk and protecting corporate assets.

About NT OBJECTives

NT OBJECTives is an innovative provider of comprehensive application security solutions designed to help organizations discover threats, analyze risk and develop sound security strategies. Its unique technology provides automated and accurate application vulnerability assessment regardless of site complexity, while its world-renowned team of security professionals provides expert knowledge transfer and technical services to help businesses understand, build and achieve application security compliance. NTO is privately held with headquarters in Irvine, CA. For more information about NT OBJECTives, visit http://www.ntobjectives.com.

About Denim Group

Denim Group, the leading secure software development firm, builds custom large-scale software development projects across multiple platforms, languages and applications. What makes Denim Group unique is that the company brings significant core competencies in software security to the table, offering an innovative blend of secure application development, security assessments, application security training and consulting capabilities that protect a company's biggest asset, its data. Denim Group customers span an international client base of commercial and public sector organizations across the financial services, banking, insurance, healthcare and defense industries. Its depth of experience building large-scale software development systems in a secure fashion has made the company's leaders recognized experts in their fields. Denim Group has been recognized as one of the 5,000 Fastest Growing Companies by Inc. Magazine several years in a row, and has won multiple other awards as well. For more information about Denim Group, visit http://www.denimgroup.com.
